Kubernetes API Object Explorer
Apps
-
Pod Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
status (Object) Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodStatus represents information about the status of a pod. Status may
trail the actual state of a system, especially if the node that hosts the
pod cannot contact the control plane.
-
conditions ([]Object) Current service state of pod. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
PodCondition contains details for the current condition of this pod.
- lastProbeTime (string) Last time we probed the condition.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human-readable message indicating details about last transition.
- reason (string) Unique, one-word, CamelCase reason for the condition's last transition.
- status (string) Status is the status of the condition. Can be True, False, Unknown. More
info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
- type (string) Type is the type of the condition. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
-
-
containerStatuses ([]Object) The list has one entry per container in the manifest. Each entry is
currently the output of `docker inspect`. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
ContainerStatus contains details for the current status of this container.
- containerID (string) Container's ID in the format 'docker://(container_id)'.
- image (string) The image the container is running. More info:
https://kubernetes.io/docs/concepts/containers/images.
- imageID (string) ImageID of the container's image.
-
lastState (Object) Details about the container's last termination condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
- name (string) This must be a DNS_LABEL. Each container in a pod must have a unique name.
Cannot be updated.
- ready (boolean) Specifies whether the container has passed its readiness probe.
- restartCount (integer) The number of times the container has been restarted.
- started (boolean) Specifies whether the container has passed its startup probe. Initialized
as false, becomes true after startupProbe is considered successful. Resets
to false when the container is restarted, or if kubelet loses state
temporarily. Is always true when no startupProbe is defined.
-
state (Object) Details about the container's current condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
-
-
ephemeralContainerStatuses ([]Object) Status for any ephemeral containers that have run in this pod. This field
is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
ContainerStatus contains details for the current status of this container.
- containerID (string) Container's ID in the format 'docker://(container_id)'.
- image (string) The image the container is running. More info:
https://kubernetes.io/docs/concepts/containers/images.
- imageID (string) ImageID of the container's image.
-
lastState (Object) Details about the container's last termination condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
- name (string) This must be a DNS_LABEL. Each container in a pod must have a unique name.
Cannot be updated.
- ready (boolean) Specifies whether the container has passed its readiness probe.
- restartCount (integer) The number of times the container has been restarted.
- started (boolean) Specifies whether the container has passed its startup probe. Initialized
as false, becomes true after startupProbe is considered successful. Resets
to false when the container is restarted, or if kubelet loses state
temporarily. Is always true when no startupProbe is defined.
-
state (Object) Details about the container's current condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
-
- hostIP (string) IP address of the host to which the pod is assigned. Empty if not yet
scheduled.
-
initContainerStatuses ([]Object) The list has one entry per init container in the manifest. The most recent
successful init container will have ready = true, the most recently started
container will have startTime set. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
ContainerStatus contains details for the current status of this container.
- containerID (string) Container's ID in the format 'docker://(container_id)'.
- image (string) The image the container is running. More info:
https://kubernetes.io/docs/concepts/containers/images.
- imageID (string) ImageID of the container's image.
-
lastState (Object) Details about the container's last termination condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
- name (string) This must be a DNS_LABEL. Each container in a pod must have a unique name.
Cannot be updated.
- ready (boolean) Specifies whether the container has passed its readiness probe.
- restartCount (integer) The number of times the container has been restarted.
- started (boolean) Specifies whether the container has passed its startup probe. Initialized
as false, becomes true after startupProbe is considered successful. Resets
to false when the container is restarted, or if kubelet loses state
temporarily. Is always true when no startupProbe is defined.
-
state (Object) Details about the container's current condition.
ContainerState holds a possible state of container. Only one of its members
may be specified. If none of them is specified, the default one is
ContainerStateWaiting.
-
running (Object) Details about a running container
ContainerStateRunning is a running state of a container.
- startedAt (string) Time at which the container was last (re-)started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
terminated (Object) Details about a terminated container
ContainerStateTerminated is a terminated state of a container.
- containerID (string) Container's ID in the format 'docker://(container_id)'
- exitCode (integer) Exit status from the last termination of the container
- finishedAt (string) Time at which the container last terminated
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Message regarding the last termination of the container
- reason (string) (brief) reason from the last termination of the container
- signal (integer) Signal from the last termination of the container
- startedAt (string) Time at which previous execution of the container started
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
waiting (Object) Details about a waiting container
ContainerStateWaiting is a waiting state of a container.
- message (string) Message regarding why the container is not yet running.
- reason (string) (brief) reason the container is not yet running.
-
-
-
- message (string) A human readable message indicating details about why the pod is in this
condition.
- nominatedNodeName (string) nominatedNodeName is set only when this pod preempts other pods on the
node, but it cannot be scheduled right away as preemption victims receive
their graceful termination periods. This field does not guarantee that the
pod will be scheduled on this node. Scheduler may decide to place the pod
elsewhere if other nodes become available sooner. Scheduler may also decide
to give the resources on this node to a higher priority pod that is created
after preemption. As a result, this field may be different than
PodSpec.nodeName when the pod is scheduled.
- phase (string) The phase of a Pod is a simple, high-level summary of where the Pod is in
its lifecycle. The conditions array, the reason and message fields, and the
individual container status arrays contain more detail about the pod's
status. There are five possible phase values:
Pending: The pod has been accepted by the Kubernetes system, but one or
more of the container images has not been created. This includes time
before being scheduled as well as time spent downloading images over the
network, which could take a while. Running: The pod has been bound to a
node, and all of the containers have been created. At least one container
is still running, or is in the process of starting or restarting.
Succeeded: All containers in the pod have terminated in success, and will
not be restarted. Failed: All containers in the pod have terminated, and at
least one container has terminated in failure. The container either exited
with non-zero status or was terminated by the system. Unknown: For some
reason the state of the pod could not be obtained, typically due to an
error in communicating with the host of the pod.
More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
- podIP (string) IP address allocated to the pod. Routable at least within the cluster.
Empty if not yet allocated.
-
podIPs ([]Object) podIPs holds the IP addresses allocated to the pod. If this field is
specified, the 0th entry must match the podIP field. Pods may be allocated
at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs
have been allocated yet.
IP address information for entries in the (plural) PodIPs field. Each entry
includes: IP: An IP address allocated to the pod. Routable at least within
the cluster.
- ip (string) ip is an IP address (IPv4 or IPv6) assigned to the pod
-
- qosClass (string) The Quality of Service (QOS) classification assigned to the pod based on
resource requirements See PodQOSClass type for available QOS classes More
info:
https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md
- reason (string) A brief CamelCase message indicating details about why the pod is in this
state. e.g. 'Evicted'
- startTime (string) RFC 3339 date and time at which the object was acknowledged by the Kubelet.
This is before the Kubelet pulled the container image(s) for the pod.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
-
Deployment Deployment enables declarative updates for Pods and ReplicaSets.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the Deployment.
DeploymentSpec is the specification of the desired behavior of the
Deployment.
- minReadySeconds (integer) Minimum number of seconds for which a newly created pod should be ready
without any of its container crashing, for it to be considered available.
Defaults to 0 (pod will be considered available as soon as it is ready)
- paused (boolean) Indicates that the deployment is paused.
- progressDeadlineSeconds (integer) The maximum time in seconds for a deployment to make progress before it is
considered to be failed. The deployment controller will continue to process
failed deployments and a condition with a ProgressDeadlineExceeded reason
will be surfaced in the deployment status. Note that progress will not be
estimated during the time a deployment is paused. Defaults to 600s.
- replicas (integer) Number of desired pods. This is a pointer to distinguish between explicit
zero and not specified. Defaults to 1.
- revisionHistoryLimit (integer) The number of old ReplicaSets to retain to allow rollback. This is a
pointer to distinguish between explicit zero and not specified. Defaults to
10.
-
selector (Object) Label selector for pods. Existing ReplicaSets whose pods are selected by
this will be the ones affected by this deployment. It must match the pod
template's labels.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
strategy (Object) The deployment strategy to use to replace existing pods with new ones.
DeploymentStrategy describes how to replace existing pods with new ones.
-
rollingUpdate (Object) Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
Spec to control the desired behavior of rolling update.
- maxSurge (string) The maximum number of pods that can be scheduled above the desired number
of pods. Value can be an absolute number (ex: 5) or a percentage of desired
pods (ex: 10%!)(MISSING). This can not be 0 if MaxUnavailable is 0.
Absolute number is calculated from percentage by rounding up. Defaults to
25%! (MISSING)Example: when this is set to 30%!,(MISSING) the new
ReplicaSet can be scaled up immediately when the rolling update starts,
such that the total number of old and new pods do not exceed
130%!o(MISSING)f desired pods. Once old pods have been killed, new
ReplicaSet can be scaled up further, ensuring that total number of pods
running at any time during the update is at most 130%!o(MISSING)f desired
pods.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- maxUnavailable (string) The maximum number of pods that can be unavailable during the update. Value
can be an absolute number (ex: 5) or a percentage of desired pods (ex:
10%!)(MISSING). Absolute number is calculated from percentage by rounding
down. This can not be 0 if MaxSurge is 0. Defaults to 25%!
(MISSING)Example: when this is set to 30%!,(MISSING) the old ReplicaSet can
be scaled down to 70%!o(MISSING)f desired pods immediately when the rolling
update starts. Once new pods are ready, old ReplicaSet can be scaled down
further, followed by scaling up the new ReplicaSet, ensuring that the total
number of pods available at all times during the update is at least
70%!o(MISSING)f desired pods.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- type (string) Type of deployment. Can be "Recreate" or "RollingUpdate". Default is
RollingUpdate.
-
-
template (Object) Template describes the pods that will be created.
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
-
status (Object) Most recently observed status of the Deployment.
DeploymentStatus is the most recently observed status of the Deployment.
- availableReplicas (integer) Total number of available pods (ready for at least minReadySeconds)
targeted by this deployment.
- collisionCount (integer) Count of hash collisions for the Deployment. The Deployment controller uses
this field as a collision avoidance mechanism when it needs to create the
name for the newest ReplicaSet.
-
conditions ([]Object) Represents the latest available observations of a deployment's current
state.
DeploymentCondition describes the state of a deployment at a certain point.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastUpdateTime (string) The last time this condition was updated.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human readable message indicating details about the transition.
- reason (string) The reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of deployment condition.
-
- observedGeneration (integer) The generation observed by the deployment controller.
- readyReplicas (integer) readyReplicas is the number of pods targeted by this Deployment with a
Ready Condition.
- replicas (integer) Total number of non-terminated pods targeted by this deployment (their
labels match the selector).
- unavailableReplicas (integer) Total number of unavailable pods targeted by this deployment. This is the
total number of pods that are still required for the deployment to have
100%!a(MISSING)vailable capacity. They may either be pods that are running
but not yet available or pods that still have not been created.
- updatedReplicas (integer) Total number of non-terminated pods targeted by this deployment that have
the desired template spec.
-
-
-
ReplicaSet ReplicaSet ensures that a specified number of pod replicas are running at
any given time.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) If the Labels of a ReplicaSet are empty, they are defaulted to be the same
as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the specification of the desired behavior of the ReplicaSet.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ReplicaSetSpec is the specification of a ReplicaSet.
- minReadySeconds (integer) Minimum number of seconds for which a newly created pod should be ready
without any of its container crashing, for it to be considered available.
Defaults to 0 (pod will be considered available as soon as it is ready)
- replicas (integer) Replicas is the number of desired replicas. This is a pointer to
distinguish between explicit zero and unspecified. Defaults to 1. More
info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
-
selector (Object) Selector is a label query over pods that should match the replica count.
Label keys and values that must match in order to be controlled by this
replica set. It must match the pod template's labels. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
template (Object) Template is the object that describes the pod that will be created if
insufficient replicas are detected. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
-
status (Object) Status is the most recently observed status of the ReplicaSet. This data
may be out of date by some window of time. Populated by the system.
Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ReplicaSetStatus represents the current status of a ReplicaSet.
- availableReplicas (integer) The number of available replicas (ready for at least minReadySeconds) for
this replica set.
-
conditions ([]Object) Represents the latest available observations of a replica set's current
state.
ReplicaSetCondition describes the state of a replica set at a certain
point.
- lastTransitionTime (string) The last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human readable message indicating details about the transition.
- reason (string) The reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of replica set condition.
-
- fullyLabeledReplicas (integer) The number of pods that have labels matching the labels of the pod template
of the replicaset.
- observedGeneration (integer) ObservedGeneration reflects the generation of the most recently observed
ReplicaSet.
- readyReplicas (integer) readyReplicas is the number of pods targeted by this ReplicaSet with a
Ready Condition.
- replicas (integer) Replicas is the most recently oberved number of replicas. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
-
-
-
DaemonSet DaemonSet represents the configuration of a daemon set.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The desired behavior of this daemon set. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
DaemonSetSpec is the specification of a daemon set.
- minReadySeconds (integer) The minimum number of seconds for which a newly created DaemonSet pod
should be ready without any of its container crashing, for it to be
considered available. Defaults to 0 (pod will be considered available as
soon as it is ready).
- revisionHistoryLimit (integer) The number of old history to retain to allow rollback. This is a pointer to
distinguish between explicit zero and not specified. Defaults to 10.
-
selector (Object) A label query over pods that are managed by the daemon set. Must match in
order to be controlled. It must match the pod template's labels. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
template (Object) An object that describes the pod that will be created. The DaemonSet will
create exactly one copy of this pod on every node that matches the
template's node selector (or on every node if no node selector is
specified). More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
updateStrategy (Object) An update strategy to replace existing DaemonSet pods with new pods.
DaemonSetUpdateStrategy is a struct used to control the update strategy for
a DaemonSet.
-
rollingUpdate (Object) Rolling update config params. Present only if type = "RollingUpdate".
Spec to control the desired behavior of daemon set rolling update.
- maxSurge (string) The maximum number of nodes with an existing available DaemonSet pod that
can have an updated DaemonSet pod during during an update. Value can be an
absolute number (ex: 5) or a percentage of desired pods (ex:
10%!)(MISSING). This can not be 0 if MaxUnavailable is 0. Absolute number
is calculated from percentage by rounding up to a minimum of 1. Default
value is 0. Example: when this is set to 30%!,(MISSING) at most
30%!o(MISSING)f the total number of nodes that should be running the daemon
pod (i.e. status.desiredNumberScheduled) can have their a new pod created
before the old pod is marked as deleted. The update starts by launching new
pods on 30%!o(MISSING)f nodes. Once an updated pod is available (Ready for
at least minReadySeconds) the old DaemonSet pod on that node is marked
deleted. If the old pod becomes unavailable for any reason (Ready
transitions to false, is evicted, or is drained) an updated pod is
immediatedly created on that node without considering surge limits.
Allowing surge implies the possibility that the resources consumed by the
daemonset on any given node can double if the readiness check fails, and so
resource intensive daemonsets should take into account that they may cause
evictions during disruption. This is beta field and enabled/disabled by
DaemonSetUpdateSurge feature gate.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- maxUnavailable (string) The maximum number of DaemonSet pods that can be unavailable during the
update. Value can be an absolute number (ex: 5) or a percentage of total
number of DaemonSet pods at the start of the update (ex: 10%!)(MISSING).
Absolute number is calculated from percentage by rounding up. This cannot
be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to
30%!,(MISSING) at most 30%!o(MISSING)f the total number of nodes that
should be running the daemon pod (i.e. status.desiredNumberScheduled) can
have their pods stopped for an update at any given time. The update starts
by stopping at most 30%!o(MISSING)f those DaemonSet pods and then brings up
new DaemonSet pods in their place. Once the new pods are available, it then
proceeds onto other DaemonSet pods, thus ensuring that at least
70%!o(MISSING)f original number of DaemonSet pods are available at all
times during the update.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- type (string) Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is
RollingUpdate.
-
-
-
status (Object) The current status of this daemon set. This data may be out of date by some
window of time. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
DaemonSetStatus represents the current status of a daemon set.
- collisionCount (integer) Count of hash collisions for the DaemonSet. The DaemonSet controller uses
this field as a collision avoidance mechanism when it needs to create the
name for the newest ControllerRevision.
-
conditions ([]Object) Represents the latest available observations of a DaemonSet's current
state.
DaemonSetCondition describes the state of a DaemonSet at a certain point.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human readable message indicating details about the transition.
- reason (string) The reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of DaemonSet condition.
-
- currentNumberScheduled (integer) The number of nodes that are running at least 1 daemon pod and are supposed
to run the daemon pod. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- desiredNumberScheduled (integer) The total number of nodes that should be running the daemon pod (including
nodes correctly running the daemon pod). More info:
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- numberAvailable (integer) The number of nodes that should be running the daemon pod and have one or
more of the daemon pod running and available (ready for at least
spec.minReadySeconds)
- numberMisscheduled (integer) The number of nodes that are running the daemon pod, but are not supposed
to run the daemon pod. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
- numberReady (integer) numberReady is the number of nodes that should be running the daemon pod
and have one or more of the daemon pod running with a Ready Condition.
- numberUnavailable (integer) The number of nodes that should be running the daemon pod and have none of
the daemon pod running and available (ready for at least
spec.minReadySeconds)
- observedGeneration (integer) The most recent generation observed by the daemon set controller.
- updatedNumberScheduled (integer) The total number of nodes that are running updated daemon pod
-
-
-
StatefulSet StatefulSet represents a set of pods with consistent identities. Identities
are defined as:
- Network: A single stable DNS and hostname.
- Storage: As many VolumeClaims as requested. The StatefulSet guarantees
that a given network identity will always map to the same storage identity.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the desired identities of pods in this set.
A StatefulSetSpec is the specification of a StatefulSet.
- minReadySeconds (integer) Minimum number of seconds for which a newly created pod should be ready
without any of its container crashing for it to be considered available.
Defaults to 0 (pod will be considered available as soon as it is ready)
This is an alpha field and requires enabling StatefulSetMinReadySeconds
feature gate.
-
persistentVolumeClaimRetentionPolicy (Object) persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
volume claims created from volumeClaimTemplates. By default, all persistent
volume claims are created as needed and retained until manually deleted.
This policy allows the lifecycle to be altered, for example by deleting
persistent volume claims when their stateful set is deleted, or when their
pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate
to be enabled, which is alpha. +optional
StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used
for PVCs created from the StatefulSet VolumeClaimTemplates.
- whenDeleted (string) WhenDeleted specifies what happens to PVCs created from StatefulSet
VolumeClaimTemplates when the StatefulSet is deleted. The default policy of
`Retain` causes PVCs to not be affected by StatefulSet deletion. The
`Delete` policy causes those PVCs to be deleted.
- whenScaled (string) WhenScaled specifies what happens to PVCs created from StatefulSet
VolumeClaimTemplates when the StatefulSet is scaled down. The default
policy of `Retain` causes PVCs to not be affected by a scaledown. The
`Delete` policy causes the associated PVCs for any excess pods above the
replica count to be deleted.
-
- podManagementPolicy (string) podManagementPolicy controls how pods are created during initial scale up,
when replacing pods on nodes, or when scaling down. The default policy is
`OrderedReady`, where pods are created in increasing order (pod-0, then
pod-1, etc) and the controller will wait until each pod is ready before
continuing. When scaling down, the pods are removed in the opposite order.
The alternative policy is `Parallel` which will create pods in parallel to
match the desired scale without waiting, and on scale down will delete all
pods at once.
- replicas (integer) replicas is the desired number of replicas of the given Template. These are
replicas in the sense that they are instantiations of the same Template,
but individual replicas also have a consistent identity. If unspecified,
defaults to 1.
- revisionHistoryLimit (integer) revisionHistoryLimit is the maximum number of revisions that will be
maintained in the StatefulSet's revision history. The revision history
consists of all revisions not represented by a currently applied
StatefulSetSpec version. The default value is 10.
-
selector (Object) selector is a label query over pods that should match the replica count. It
must match the pod template's labels. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- serviceName (string) serviceName is the name of the service that governs this StatefulSet. This
service must exist before the StatefulSet, and is responsible for the
network identity of the set. Pods get DNS/hostnames that follow the
pattern: pod-specific-string.serviceName.default.svc.cluster.local where
"pod-specific-string" is managed by the StatefulSet controller.
-
template (Object) template is the object that describes the pod that will be created if
insufficient replicas are detected. Each pod stamped out by the StatefulSet
will fulfill this Template, but have a unique identity from the rest of the
StatefulSet.
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
updateStrategy (Object) updateStrategy indicates the StatefulSetUpdateStrategy that will be
employed to update Pods in the StatefulSet when a revision is made to
Template.
StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
controller will use to perform updates. It includes any additional
parameters necessary to perform the update for the indicated strategy.
-
rollingUpdate (Object) RollingUpdate is used to communicate parameters when Type is
RollingUpdateStatefulSetStrategyType.
RollingUpdateStatefulSetStrategy is used to communicate parameter for
RollingUpdateStatefulSetStrategyType.
- partition (integer) Partition indicates the ordinal at which the StatefulSet should be
partitioned. Default value is 0.
-
- type (string) Type indicates the type of the StatefulSetUpdateStrategy. Default is
RollingUpdate.
-
-
volumeClaimTemplates ([]Object) volumeClaimTemplates is a list of claims that pods are allowed to
reference. The StatefulSet controller is responsible for mapping network
identities to claims in a way that maintains the identity of a pod. Every
claim in this list must have at least one matching (by name) volumeMount in
one container in the template. A claim in this list takes precedence over
any volumes in the template, with the same name.
PersistentVolumeClaim is a user's request for and claim to a persistent
volume
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the desired characteristics of a volume requested by a pod
author. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
status (Object) Status represents the current information/status of a persistent volume
claim. Read-only. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimStatus is the current status of a persistent volume
claim.
- accessModes ([]string) AccessModes contains the actual access modes the volume backing the PVC
has. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- allocatedResources (map[string]string) The storage resource within AllocatedResources tracks the capacity
allocated to a PVC. It may be larger than the actual capacity when a volume
expansion operation is requested. For storage quota, the larger value from
allocatedResources and PVC.spec.resources is used. If allocatedResources is
not set, PVC.spec.resources alone is used for quota calculation. If a
volume expansion capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress and if the actual
volume capacity is equal or lower than the requested capacity. This is an
alpha field and requires enabling RecoverVolumeExpansionFailure feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- capacity (map[string]string) Represents the actual resources of the underlying volume.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
conditions ([]Object) Current Condition of persistent volume claim. If underlying persistent
volume is being resized then the Condition will be set to 'ResizeStarted'.
PersistentVolumeClaimCondition contails details about state of pvc
- lastProbeTime (string) Last time we probed the condition.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human-readable message indicating details about last transition.
- reason (string) Unique, this should be a short, machine understandable string that gives
the reason for condition's last transition. If it reports "ResizeStarted"
that means the underlying persistent volume is being resized.
- status (string) (empty)
- type (string)
-
- phase (string) Phase represents the current phase of PersistentVolumeClaim.
- resizeStatus (string) ResizeStatus stores status of resize operation. ResizeStatus is not set by
default but when expansion is complete resizeStatus is set to empty string
by resize controller or kubelet. This is an alpha field and requires
enabling RecoverVolumeExpansionFailure feature.
-
-
-
-
status (Object) Status is the current status of Pods in this StatefulSet. This data may be
out of date by some window of time.
StatefulSetStatus represents the current state of a StatefulSet.
- availableReplicas (integer) Total number of available pods (ready for at least minReadySeconds)
targeted by this statefulset. This is a beta field and enabled/disabled by
StatefulSetMinReadySeconds feature gate.
- collisionCount (integer) collisionCount is the count of hash collisions for the StatefulSet. The
StatefulSet controller uses this field as a collision avoidance mechanism
when it needs to create the name for the newest ControllerRevision.
-
conditions ([]Object) Represents the latest available observations of a statefulset's current
state.
StatefulSetCondition describes the state of a statefulset at a certain
point.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human readable message indicating details about the transition.
- reason (string) The reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of statefulset condition.
-
- currentReplicas (integer) currentReplicas is the number of Pods created by the StatefulSet controller
from the StatefulSet version indicated by currentRevision.
- currentRevision (string) currentRevision, if not empty, indicates the version of the StatefulSet
used to generate Pods in the sequence [0,currentReplicas).
- observedGeneration (integer) observedGeneration is the most recent generation observed for this
StatefulSet. It corresponds to the StatefulSet's generation, which is
updated on mutation by the API Server.
- readyReplicas (integer) readyReplicas is the number of pods created for this StatefulSet with a
Ready Condition.
- replicas (integer) replicas is the number of Pods created by the StatefulSet controller.
- updateRevision (string) updateRevision, if not empty, indicates the version of the StatefulSet used
to generate Pods in the sequence [replicas-updatedReplicas,replicas)
- updatedReplicas (integer) updatedReplicas is the number of Pods created by the StatefulSet controller
from the StatefulSet version indicated by updateRevision.
-
-
-
CronJob CronJob represents the configuration of a single cron job.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of a cron job, including the
schedule. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
CronJobSpec describes how the job execution will look like and when it will
actually run.
- concurrencyPolicy (string) Specifies how to treat concurrent executions of a Job. Valid values are: -
"Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids
concurrent runs, skipping next run if previous run hasn't finished yet; -
"Replace": cancels currently running job and replaces it with a new one
- failedJobsHistoryLimit (integer) The number of failed finished jobs to retain. Value must be non-negative
integer. Defaults to 1.
-
jobTemplate (Object) Specifies the job that will be created when executing a CronJob.
JobTemplateSpec describes the data a Job should have when created from a
template
-
metadata (Object) Standard object's metadata of the jobs created from this template. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the job. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
JobSpec describes how the job execution will look like.
- activeDeadlineSeconds (integer) Specifies the duration in seconds relative to the startTime that the job
may be continuously active before the system tries to terminate it; value
must be positive integer. If a Job is suspended (at creation or through an
update), this timer will effectively be stopped and reset when the Job is
resumed again.
- backoffLimit (integer) Specifies the number of retries before marking this job failed. Defaults to
6
- completionMode (string) CompletionMode specifies how Pod completions are tracked. It can be
`NonIndexed` (default) or `Indexed`.
`NonIndexed` means that the Job is considered complete when there have been
.spec.completions successfully completed Pods. Each Pod completion is
homologous to each other.
`Indexed` means that the Pods of a Job get an associated completion index
from 0 to (.spec.completions - 1), available in the annotation
batch.kubernetes.io/job-completion-index. The Job is considered complete
when there is one successfully completed Pod for each index. When value is
`Indexed`, .spec.completions must be specified and `.spec.parallelism` must
be less than or equal to 10^5. In addition, The Pod name takes the form
`$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form
`$(job-name)-$(index)`.
This field is beta-level. More completion modes can be added in the future.
If the Job controller observes a mode that it doesn't recognize, the
controller skips updates for the Job.
- completions (integer) Specifies the desired number of successfully finished pods the job should
be run with. Setting to nil means that the success of any pod signals the
success of all pods, and allows parallelism to have any positive value.
Setting to 1 means that parallelism is limited to 1 and the success of that
pod signals the success of the job. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
- manualSelector (boolean) manualSelector controls generation of pod labels and pod selectors. Leave
`manualSelector` unset unless you are certain what you are doing. When
false or unset, the system pick labels unique to this job and appends those
labels to the pod template. When true, the user is responsible for picking
unique labels and specifying the selector. Failure to pick a unique label
may cause this and other jobs to not function correctly. However, You may
see `manualSelector=true` in jobs that were created with the old
`extensions/v1beta1` API. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
- parallelism (integer) Specifies the maximum desired number of pods the job should run at any
given time. The actual number of pods running in steady state will be less
than this number when ((.spec.completions - .status.successful) (
.spec.parallelism), i.e. when the work left to do is less than max
parallelism. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
-
selector (Object) A label query over pods that should match the pod count. Normally, the
system sets this field for you. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- suspend (boolean) Suspend specifies whether the Job controller should create Pods or not. If
a Job is created with suspend set to true, no Pods are created by the Job
controller. If a Job is suspended after creation (i.e. the flag goes from
false to true), the Job controller will delete all active Pods associated
with this Job. Users must design their workload to gracefully handle this.
Suspending a Job will reset the StartTime field of the Job, effectively
resetting the ActiveDeadlineSeconds timer too. Defaults to false.
This field is beta-level, gated by SuspendJob feature flag (enabled by
default).
-
template (Object) Describes the pod that will be created when executing a job. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
- ttlSecondsAfterFinished (integer) ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset, the
Job won't be automatically deleted. If this field is set to zero, the Job
becomes eligible to be deleted immediately after it finishes.
-
-
- schedule (string) The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
- startingDeadlineSeconds (integer) Optional deadline in seconds for starting the job if it misses scheduled
time for any reason. Missed jobs executions will be counted as failed ones.
- successfulJobsHistoryLimit (integer) The number of successful finished jobs to retain. Value must be
non-negative integer. Defaults to 3.
- suspend (boolean) This flag tells the controller to suspend subsequent executions, it does
not apply to already started executions. Defaults to false.
-
-
status (Object) Current status of a cron job. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
CronJobStatus represents the current state of a cron job.
-
active ([]Object) A list of pointers to currently running jobs.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- lastScheduleTime (string) Information when was the last time the job was successfully scheduled.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastSuccessfulTime (string) Information when was the last time the job successfully completed.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
-
Job Job represents the configuration of a single job.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of a job. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
JobSpec describes how the job execution will look like.
- activeDeadlineSeconds (integer) Specifies the duration in seconds relative to the startTime that the job
may be continuously active before the system tries to terminate it; value
must be positive integer. If a Job is suspended (at creation or through an
update), this timer will effectively be stopped and reset when the Job is
resumed again.
- backoffLimit (integer) Specifies the number of retries before marking this job failed. Defaults to
6
- completionMode (string) CompletionMode specifies how Pod completions are tracked. It can be
`NonIndexed` (default) or `Indexed`.
`NonIndexed` means that the Job is considered complete when there have been
.spec.completions successfully completed Pods. Each Pod completion is
homologous to each other.
`Indexed` means that the Pods of a Job get an associated completion index
from 0 to (.spec.completions - 1), available in the annotation
batch.kubernetes.io/job-completion-index. The Job is considered complete
when there is one successfully completed Pod for each index. When value is
`Indexed`, .spec.completions must be specified and `.spec.parallelism` must
be less than or equal to 10^5. In addition, The Pod name takes the form
`$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form
`$(job-name)-$(index)`.
This field is beta-level. More completion modes can be added in the future.
If the Job controller observes a mode that it doesn't recognize, the
controller skips updates for the Job.
- completions (integer) Specifies the desired number of successfully finished pods the job should
be run with. Setting to nil means that the success of any pod signals the
success of all pods, and allows parallelism to have any positive value.
Setting to 1 means that parallelism is limited to 1 and the success of that
pod signals the success of the job. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
- manualSelector (boolean) manualSelector controls generation of pod labels and pod selectors. Leave
`manualSelector` unset unless you are certain what you are doing. When
false or unset, the system pick labels unique to this job and appends those
labels to the pod template. When true, the user is responsible for picking
unique labels and specifying the selector. Failure to pick a unique label
may cause this and other jobs to not function correctly. However, You may
see `manualSelector=true` in jobs that were created with the old
`extensions/v1beta1` API. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
- parallelism (integer) Specifies the maximum desired number of pods the job should run at any
given time. The actual number of pods running in steady state will be less
than this number when ((.spec.completions - .status.successful) (
.spec.parallelism), i.e. when the work left to do is less than max
parallelism. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
-
selector (Object) A label query over pods that should match the pod count. Normally, the
system sets this field for you. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- suspend (boolean) Suspend specifies whether the Job controller should create Pods or not. If
a Job is created with suspend set to true, no Pods are created by the Job
controller. If a Job is suspended after creation (i.e. the flag goes from
false to true), the Job controller will delete all active Pods associated
with this Job. Users must design their workload to gracefully handle this.
Suspending a Job will reset the StartTime field of the Job, effectively
resetting the ActiveDeadlineSeconds timer too. Defaults to false.
This field is beta-level, gated by SuspendJob feature flag (enabled by
default).
-
template (Object) Describes the pod that will be created when executing a job. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
- ttlSecondsAfterFinished (integer) ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset, the
Job won't be automatically deleted. If this field is set to zero, the Job
becomes eligible to be deleted immediately after it finishes.
-
-
status (Object) Current status of a job. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
JobStatus represents the current state of a Job.
- active (integer) The number of pending and running pods.
- completedIndexes (string) CompletedIndexes holds the completed indexes when .spec.completionMode =
"Indexed" in a text format. The indexes are represented as decimal integers
separated by commas. The numbers are listed in increasing order. Three or
more consecutive numbers are compressed and represented by the first and
last element of the series, separated by a hyphen. For example, if the
completed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
- completionTime (string) Represents time when the job was completed. It is not guaranteed to be set
in happens-before order across separate operations. It is represented in
RFC3339 form and is in UTC. The completion time is only set when the job
finishes successfully.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
conditions ([]Object) The latest available observations of an object's current state. When a Job
fails, one of the conditions will have type "Failed" and status true. When
a Job is suspended, one of the conditions will have type "Suspended" and
status true; when the Job is resumed, the status of this condition will
become false. When a Job is completed, one of the conditions will have type
"Complete" and status true. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
JobCondition describes current state of a job.
- lastProbeTime (string) Last time the condition was checked.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastTransitionTime (string) Last time the condition transit from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human readable message indicating details about last transition.
- reason (string) (brief) reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of job condition, Complete or Failed.
-
- failed (integer) The number of pods which reached phase Failed.
- ready (integer) The number of pods which have a Ready condition.
This field is alpha-level. The job controller populates the field when the
feature gate JobReadyPods is enabled (disabled by default).
- startTime (string) Represents time when the job controller started processing a job. When a
Job is created in the suspended state, this field is not set until the
first time it is resumed. This field is reset every time a Job is resumed
from suspension. It is represented in RFC3339 form and is in UTC.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- succeeded (integer) The number of pods which reached phase Succeeded.
-
uncountedTerminatedPods (Object) UncountedTerminatedPods holds the UIDs of Pods that have terminated but the
job controller hasn't yet accounted for in the status counters.
The job controller creates pods with a finalizer. When a pod terminates
(succeeded or failed), the controller does three steps to account for it in
the job status: (1) Add the pod UID to the arrays in this field. (2) Remove
the pod finalizer. (3) Remove the pod UID from the arrays while increasing
the corresponding
counter.
This field is beta-level. The job controller only makes use of this field
when the feature gate JobTrackingWithFinalizers is enabled (enabled by
default). Old jobs might not be tracked using this field, in which case the
field remains null.
UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't
been accounted in Job status counters.
- failed ([]string) Failed holds UIDs of failed Pods.
- succeeded ([]string) Succeeded holds UIDs of succeeded Pods.
-
-
-
-
HorizontalPodAutoscaler HorizontalPodAutoscaler is the configuration for a horizontal pod
autoscaler, which automatically manages the replica count of any resource
implementing the scale subresource based on the metrics specified.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) metadata is the standard object metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) spec is the specification for the behaviour of the autoscaler. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
HorizontalPodAutoscalerSpec describes the desired functionality of the
HorizontalPodAutoscaler.
-
behavior (Object) behavior configures the scaling behavior of the target in both Up and Down
directions (scaleUp and scaleDown fields respectively). If not set, the
default HPAScalingRules for scale up and scale down are used.
HorizontalPodAutoscalerBehavior configures the scaling behavior of the
target in both Up and Down directions (scaleUp and scaleDown fields
respectively).
-
scaleDown (Object) scaleDown is scaling policy for scaling Down. If not set, the default value
is to allow to scale down to minReplicas pods, with a 300 second
stabilization window (i.e., the highest recommendation for the last 300sec
is used).
HPAScalingRules configures the scaling behavior for one direction. These
Rules are applied after calculating DesiredReplicas from metrics for the
HPA. They can limit the scaling velocity by specifying scaling policies.
They can prevent flapping by specifying the stabilization window, so that
the number of replicas is not set instantly, instead, the safest value from
the stabilization window is chosen.
-
policies ([]Object) policies is a list of potential scaling polices which can be used during
scaling. At least one policy must be specified, otherwise the
HPAScalingRules will be discarded as invalid
HPAScalingPolicy is a single policy which must hold true for a specified
past interval.
- periodSeconds (integer) PeriodSeconds specifies the window of time for which the policy should hold
true. PeriodSeconds must be greater than zero and less than or equal to
1800 (30 min).
- type (string) Type is used to specify the scaling policy.
- value (integer) Value contains the amount of change which is permitted by the policy. It
must be greater than zero
-
- selectPolicy (string) selectPolicy is used to specify which policy should be used. If not set,
the default value Max is used.
- stabilizationWindowSeconds (integer) StabilizationWindowSeconds is the number of seconds for which past
recommendations should be considered while scaling up or scaling down.
StabilizationWindowSeconds must be greater than or equal to zero and less
than or equal to 3600 (one hour). If not set, use the default values: - For
scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e.
the stabilization window is 300 seconds long).
-
-
scaleUp (Object) scaleUp is scaling policy for scaling Up. If not set, the default value is
the higher of:
* increase no more than 4 pods per 60 seconds
* double the number of pods per 60 seconds No stabilization is used.
HPAScalingRules configures the scaling behavior for one direction. These
Rules are applied after calculating DesiredReplicas from metrics for the
HPA. They can limit the scaling velocity by specifying scaling policies.
They can prevent flapping by specifying the stabilization window, so that
the number of replicas is not set instantly, instead, the safest value from
the stabilization window is chosen.
-
policies ([]Object) policies is a list of potential scaling polices which can be used during
scaling. At least one policy must be specified, otherwise the
HPAScalingRules will be discarded as invalid
HPAScalingPolicy is a single policy which must hold true for a specified
past interval.
- periodSeconds (integer) PeriodSeconds specifies the window of time for which the policy should hold
true. PeriodSeconds must be greater than zero and less than or equal to
1800 (30 min).
- type (string) Type is used to specify the scaling policy.
- value (integer) Value contains the amount of change which is permitted by the policy. It
must be greater than zero
-
- selectPolicy (string) selectPolicy is used to specify which policy should be used. If not set,
the default value Max is used.
- stabilizationWindowSeconds (integer) StabilizationWindowSeconds is the number of seconds for which past
recommendations should be considered while scaling up or scaling down.
StabilizationWindowSeconds must be greater than or equal to zero and less
than or equal to 3600 (one hour). If not set, use the default values: - For
scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e.
the stabilization window is 300 seconds long).
-
-
- maxReplicas (integer) maxReplicas is the upper limit for the number of replicas to which the
autoscaler can scale up. It cannot be less that minReplicas.
-
metrics ([]Object) metrics contains the specifications for which to use to calculate the
desired replica count (the maximum replica count across all metrics will be
used). The desired replica count is calculated multiplying the ratio
between the target value and the current value by the current number of
pods. Ergo, metrics used must decrease as the pod count is increased, and
vice-versa. See the individual metric source types for more information
about how each type of metric must respond. If not set, the default metric
will be set to 80%!a(MISSING)verage CPU utilization.
MetricSpec specifies how to scale based on a single metric (only `type` and
one other matching field should be set at once).
-
containerResource (Object) containerResource refers to a resource metric (such as those specified in
requests and limits) known to Kubernetes describing a single container in
each pod of the current scale target (e.g. CPU or memory). Such metrics are
built in to Kubernetes, and have special scaling options on top of those
available to normal per-pod metrics using the "pods" source. This is an
alpha feature and can be enabled by the HPAContainerMetrics feature flag.
ContainerResourceMetricSource indicates how to scale on a resource metric
known to Kubernetes, as specified in requests and limits, describing each
pod in the current scale target (e.g. CPU or memory). The values will be
averaged together before being compared to the target. Such metrics are
built in to Kubernetes, and have special scaling options on top of those
available to normal per-pod metrics using the "pods" source. Only one
"target" type should be set.
- container (string) container is the name of the container in the pods of the scaling target
- name (string) name is the name of the resource in question.
-
target (Object) target specifies the target value for the given metric
MetricTarget defines the target value, average value, or average
utilization of a specific metric
- averageUtilization (integer) averageUtilization is the target value of the average of the resource
metric across all relevant pods, represented as a percentage of the
requested value of the resource for the pods. Currently only valid for
Resource metric source type
- averageValue (string) averageValue is the target value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) type represents whether the metric type is Utilization, Value, or
AverageValue
- value (string) value is the target value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
-
external (Object) external refers to a global metric that is not associated with any
Kubernetes object. It allows autoscaling based on information coming from
components running outside of cluster (for example length of queue in cloud
messaging service, or QPS from loadbalancer running outside of cluster).
ExternalMetricSource indicates how to scale on a metric not associated with
any Kubernetes object (for example length of queue in cloud messaging
service, or QPS from loadbalancer running outside of cluster).
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
target (Object) target specifies the target value for the given metric
MetricTarget defines the target value, average value, or average
utilization of a specific metric
- averageUtilization (integer) averageUtilization is the target value of the average of the resource
metric across all relevant pods, represented as a percentage of the
requested value of the resource for the pods. Currently only valid for
Resource metric source type
- averageValue (string) averageValue is the target value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) type represents whether the metric type is Utilization, Value, or
AverageValue
- value (string) value is the target value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
-
object (Object) object refers to a metric describing a single kubernetes object (for
example, hits-per-second on an Ingress object).
ObjectMetricSource indicates how to scale on a metric describing a
kubernetes object (for example, hits-per-second on an Ingress object).
-
describedObject (Object) describedObject specifies the descriptions of a object,such as kind,name
apiVersion
CrossVersionObjectReference contains enough information to let you identify
the referred resource.
- apiVersion (string) API version of the referent
- kind (string) Kind of the referent; More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- name (string) Name of the referent; More info:
http://kubernetes.io/docs/user-guide/identifiers#names
-
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
target (Object) target specifies the target value for the given metric
MetricTarget defines the target value, average value, or average
utilization of a specific metric
- averageUtilization (integer) averageUtilization is the target value of the average of the resource
metric across all relevant pods, represented as a percentage of the
requested value of the resource for the pods. Currently only valid for
Resource metric source type
- averageValue (string) averageValue is the target value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) type represents whether the metric type is Utilization, Value, or
AverageValue
- value (string) value is the target value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
-
pods (Object) pods refers to a metric describing each pod in the current scale target
(for example, transactions-processed-per-second). The values will be
averaged together before being compared to the target value.
PodsMetricSource indicates how to scale on a metric describing each pod in
the current scale target (for example, transactions-processed-per-second).
The values will be averaged together before being compared to the target
value.
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
target (Object) target specifies the target value for the given metric
MetricTarget defines the target value, average value, or average
utilization of a specific metric
- averageUtilization (integer) averageUtilization is the target value of the average of the resource
metric across all relevant pods, represented as a percentage of the
requested value of the resource for the pods. Currently only valid for
Resource metric source type
- averageValue (string) averageValue is the target value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) type represents whether the metric type is Utilization, Value, or
AverageValue
- value (string) value is the target value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
-
resource (Object) resource refers to a resource metric (such as those specified in requests
and limits) known to Kubernetes describing each pod in the current scale
target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and
have special scaling options on top of those available to normal per-pod
metrics using the "pods" source.
ResourceMetricSource indicates how to scale on a resource metric known to
Kubernetes, as specified in requests and limits, describing each pod in the
current scale target (e.g. CPU or memory). The values will be averaged
together before being compared to the target. Such metrics are built in to
Kubernetes, and have special scaling options on top of those available to
normal per-pod metrics using the "pods" source. Only one "target" type
should be set.
- name (string) name is the name of the resource in question.
-
target (Object) target specifies the target value for the given metric
MetricTarget defines the target value, average value, or average
utilization of a specific metric
- averageUtilization (integer) averageUtilization is the target value of the average of the resource
metric across all relevant pods, represented as a percentage of the
requested value of the resource for the pods. Currently only valid for
Resource metric source type
- averageValue (string) averageValue is the target value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) type represents whether the metric type is Utilization, Value, or
AverageValue
- value (string) value is the target value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
- type (string) type is the type of metric source. It should be one of "ContainerResource",
"External", "Object", "Pods" or "Resource", each mapping to a matching
field in the object. Note: "ContainerResource" type is available on when
the feature-gate HPAContainerMetrics is enabled
-
- minReplicas (integer) minReplicas is the lower limit for the number of replicas to which the
autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to
be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one
Object or External metric is configured. Scaling is active as long as at
least one metric value is available.
-
scaleTargetRef (Object) scaleTargetRef points to the target resource to scale, and is used to the
pods for which metrics should be collected, as well as to actually change
the replica count.
CrossVersionObjectReference contains enough information to let you identify
the referred resource.
- apiVersion (string) API version of the referent
- kind (string) Kind of the referent; More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- name (string) Name of the referent; More info:
http://kubernetes.io/docs/user-guide/identifiers#names
-
-
-
status (Object) status is the current information about the autoscaler.
HorizontalPodAutoscalerStatus describes the current status of a horizontal
pod autoscaler.
-
conditions ([]Object) conditions is the set of conditions required for this autoscaler to scale
its target, and indicates whether or not those conditions are met.
HorizontalPodAutoscalerCondition describes the state of a
HorizontalPodAutoscaler at a certain point.
- lastTransitionTime (string) lastTransitionTime is the last time the condition transitioned from one
status to another
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) message is a human-readable explanation containing details about the
transition
- reason (string) reason is the reason for the condition's last transition.
- status (string) status is the status of the condition (True, False, Unknown)
- type (string) type describes the current condition
-
-
currentMetrics ([]Object) currentMetrics is the last read state of the metrics used by this
autoscaler.
MetricStatus describes the last-read state of a single metric.
-
containerResource (Object) container resource refers to a resource metric (such as those specified in
requests and limits) known to Kubernetes describing a single container in
each pod in the current scale target (e.g. CPU or memory). Such metrics are
built in to Kubernetes, and have special scaling options on top of those
available to normal per-pod metrics using the "pods" source.
ContainerResourceMetricStatus indicates the current value of a resource
metric known to Kubernetes, as specified in requests and limits, describing
a single container in each pod in the current scale target (e.g. CPU or
memory). Such metrics are built in to Kubernetes, and have special scaling
options on top of those available to normal per-pod metrics using the
"pods" source.
- container (string) Container is the name of the container in the pods of the scaling target
-
current (Object) current contains the current value for the given metric
MetricValueStatus holds the current value for a metric
- averageUtilization (integer) currentAverageUtilization is the current value of the average of the
resource metric across all relevant pods, represented as a percentage of
the requested value of the resource for the pods.
- averageValue (string) averageValue is the current value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- value (string) value is the current value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
- name (string) Name is the name of the resource in question.
-
-
external (Object) external refers to a global metric that is not associated with any
Kubernetes object. It allows autoscaling based on information coming from
components running outside of cluster (for example length of queue in cloud
messaging service, or QPS from loadbalancer running outside of cluster).
ExternalMetricStatus indicates the current value of a global metric not
associated with any Kubernetes object.
-
current (Object) current contains the current value for the given metric
MetricValueStatus holds the current value for a metric
- averageUtilization (integer) currentAverageUtilization is the current value of the average of the
resource metric across all relevant pods, represented as a percentage of
the requested value of the resource for the pods.
- averageValue (string) averageValue is the current value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- value (string) value is the current value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
-
object (Object) object refers to a metric describing a single kubernetes object (for
example, hits-per-second on an Ingress object).
ObjectMetricStatus indicates the current value of a metric describing a
kubernetes object (for example, hits-per-second on an Ingress object).
-
current (Object) current contains the current value for the given metric
MetricValueStatus holds the current value for a metric
- averageUtilization (integer) currentAverageUtilization is the current value of the average of the
resource metric across all relevant pods, represented as a percentage of
the requested value of the resource for the pods.
- averageValue (string) averageValue is the current value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- value (string) value is the current value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
describedObject (Object) DescribedObject specifies the descriptions of a object,such as kind,name
apiVersion
CrossVersionObjectReference contains enough information to let you identify
the referred resource.
- apiVersion (string) API version of the referent
- kind (string) Kind of the referent; More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- name (string) Name of the referent; More info:
http://kubernetes.io/docs/user-guide/identifiers#names
-
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
-
pods (Object) pods refers to a metric describing each pod in the current scale target
(for example, transactions-processed-per-second). The values will be
averaged together before being compared to the target value.
PodsMetricStatus indicates the current value of a metric describing each
pod in the current scale target (for example,
transactions-processed-per-second).
-
current (Object) current contains the current value for the given metric
MetricValueStatus holds the current value for a metric
- averageUtilization (integer) currentAverageUtilization is the current value of the average of the
resource metric across all relevant pods, represented as a percentage of
the requested value of the resource for the pods.
- averageValue (string) averageValue is the current value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- value (string) value is the current value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
metric (Object) metric identifies the target metric by name and selector
MetricIdentifier defines the name and optionally selector for a metric
- name (string) name is the name of the given metric
-
selector (Object) selector is the string-encoded form of a standard kubernetes label selector
for the given metric When set, it is passed as an additional parameter to
the metrics server for more specific metrics scoping. When unset, just the
metricName will be used to gather metrics.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
-
resource (Object) resource refers to a resource metric (such as those specified in requests
and limits) known to Kubernetes describing each pod in the current scale
target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and
have special scaling options on top of those available to normal per-pod
metrics using the "pods" source.
ResourceMetricStatus indicates the current value of a resource metric known
to Kubernetes, as specified in requests and limits, describing each pod in
the current scale target (e.g. CPU or memory). Such metrics are built in to
Kubernetes, and have special scaling options on top of those available to
normal per-pod metrics using the "pods" source.
-
current (Object) current contains the current value for the given metric
MetricValueStatus holds the current value for a metric
- averageUtilization (integer) currentAverageUtilization is the current value of the average of the
resource metric across all relevant pods, represented as a percentage of
the requested value of the resource for the pods.
- averageValue (string) averageValue is the current value of the average of the metric across all
relevant pods (as a quantity)
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- value (string) value is the current value of the metric (as a quantity).
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
- name (string) Name is the name of the resource in question.
-
- type (string) type is the type of metric source. It will be one of "ContainerResource",
"External", "Object", "Pods" or "Resource", each corresponds to a matching
field in the object. Note: "ContainerResource" type is available on when
the feature-gate HPAContainerMetrics is enabled
-
- currentReplicas (integer) currentReplicas is current number of replicas of pods managed by this
autoscaler, as last seen by the autoscaler.
- desiredReplicas (integer) desiredReplicas is the desired number of replicas of pods managed by this
autoscaler, as last calculated by the autoscaler.
- lastScaleTime (string) lastScaleTime is the last time the HorizontalPodAutoscaler scaled the
number of pods, used by the autoscaler to control how often the number of
pods is changed.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- observedGeneration (integer) observedGeneration is the most recent generation observed by this
autoscaler.
-
-
-
PodTemplate PodTemplate describes a template for creating copies of a predefined pod.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
template (Object) Template defines the pods that will be created from this pod template.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
-
ReplicationController ReplicationController represents the configuration of a replication
controller.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) If the Labels of a ReplicationController are empty, they are defaulted to
be the same as the Pod(s) that the replication controller manages. Standard
object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the specification of the desired behavior of the replication
controller. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ReplicationControllerSpec is the specification of a replication controller.
- minReadySeconds (integer) Minimum number of seconds for which a newly created pod should be ready
without any of its container crashing, for it to be considered available.
Defaults to 0 (pod will be considered available as soon as it is ready)
- replicas (integer) Replicas is the number of desired replicas. This is a pointer to
distinguish between explicit zero and unspecified. Defaults to 1. More
info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
- selector (map[string]string) Selector is a label query over pods that should match the Replicas count.
If Selector is empty, it is defaulted to the labels present on the Pod
template. Label keys and values that must match in order to be controlled
by this replication controller, if empty defaulted to labels on Pod
template. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
-
template (Object) Template is the object that describes the pod that will be created if
insufficient replicas are detected. This takes precedence over a
TemplateRef. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
PodTemplateSpec describes the data a pod should have when created from a
template
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
- activeDeadlineSeconds (integer) Optional duration in seconds the pod may be active on the node relative to
StartTime before the system will actively try to mark it failed and kill
associated containers. Value must be a positive integer.
-
affinity (Object) If specified, the pod's scheduling constraints
Affinity is a group of affinity scheduling rules.
-
nodeAffinity (Object) Describes node affinity scheduling rules for the pod.
Node affinity is a group of node affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the highest sum are
the most preferred.
An empty preferred scheduling term matches all objects with implicit weight
0 (i.e. it's a no-op). A null preferred scheduling term matches no objects
(i.e. is also a no-op).
-
preference (Object) A node selector term, associated with the corresponding weight.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
- weight (integer) Weight associated with matching the corresponding nodeSelectorTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution (Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system may or may not try
to eventually evict the pod from its node.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
-
podAffinity (Object) Describes pod affinity scheduling rules (e.g. co-locate this pod in the
same node, zone, etc. as some other pod(s)).
Pod affinity is a group of inter pod affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
affinity expressions specified by this field, but it may choose a node that
violates one or more of the expressions. The node that is most preferred is
the one with the greatest sum of weights, i.e. for each node that meets all
of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through the
elements of this field and adding "weight" to the sum if the node has pods
which matches the corresponding podAffinityTerm; the node(s) with the
highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update), the system may or
may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
podAntiAffinity (Object) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod
in the same node, zone, etc. as some other pod(s)).
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
-
preferredDuringSchedulingIgnoredDuringExecution ([]Object) The scheduler will prefer to schedule pods to nodes that satisfy the
anti-affinity expressions specified by this field, but it may choose a node
that violates one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights, i.e. for each node
that meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by
iterating through the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
The weights of all of the matched WeightedPodAffinityTerm fields are added
per-node to find the most preferred node(s)
-
podAffinityTerm (Object) Required. A pod affinity term, associated with the corresponding weight.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
- weight (integer) weight associated with matching the corresponding podAffinityTerm, in the
range 1-100.
-
-
requiredDuringSchedulingIgnoredDuringExecution ([]Object) If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field cease to be met at some
point during pod execution (e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from its node. When there are
multiple elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to
the given namespace(s)) that this pod should be co-located (affinity) or
not co-located (anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key (topologyKey) matches that of
any node on which a pod of the set of pods is running
-
labelSelector (Object) A label query over a set of resources, in this case pods.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
namespaceSelector (Object) A label query over the set of namespaces that the term applies to. The term
is applied to the union of the namespaces selected by this field and the
ones listed in the namespaces field. null selector and null or empty
namespaces list means "this pod's namespace". An empty selector ({})
matches all namespaces. This field is beta-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- namespaces ([]string) namespaces specifies a static list of namespace names that the term applies
to. The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
- topologyKey (string) This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value of the label with
key topologyKey matches that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
-
-
-
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether a service account token
should be automatically mounted.
-
containers ([]Object) List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
dnsConfig (Object) Specifies the DNS parameters of a pod. Parameters specified here will be
merged to the generated DNS configuration based on DNSPolicy.
PodDNSConfig defines the DNS parameters of a pod in addition to those
generated from DNSPolicy.
- nameservers ([]string) A list of DNS name server IP addresses. This will be appended to the base
nameservers generated from DNSPolicy. Duplicated nameservers will be
removed.
-
options ([]Object) A list of DNS resolver options. This will be merged with the base options
generated from DNSPolicy. Duplicated entries will be removed. Resolution
options given in Options will override those that appear in the base
DNSPolicy.
PodDNSConfigOption defines DNS resolver options of a pod.
- name (string) Required.
- value (string) (empty)
-
- searches ([]string) A list of DNS search domains for host-name lookup. This will be appended to
the base search paths generated from DNSPolicy. Duplicated search paths
will be removed.
-
- dnsPolicy (string) Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
parameters given in DNSConfig will be merged with the policy selected with
DNSPolicy. To have DNS options set along with hostNetwork, you have to
specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks (boolean) EnableServiceLinks indicates whether information about services should be
injected into pod's environment variables, matching the syntax of Docker
links. Optional: Defaults to true.
-
ephemeralContainers ([]Object) List of ephemeral containers run in this pod. Ephemeral containers may be
run in an existing pod to perform user-initiated actions such as debugging.
This list cannot be specified when creating a pod, and it cannot be
modified by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource. This
field is beta-level and available on clusters that haven't disabled the
EphemeralContainers feature gate.
An EphemeralContainer is a temporary container that you may add to an
existing Pod for user-initiated activities such as debugging. Ephemeral
containers have no resource or scheduling guarantees, and they will not be
restarted when they exit or when a Pod is removed or restarted. The kubelet
may evict a Pod if an ephemeral container causes the Pod to exceed its
resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of
an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the
EphemeralContainers feature gate.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Lifecycle is not allowed for ephemeral containers.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the ephemeral container specified as a DNS_LABEL. This name must be
unique among all containers, init containers and ephemeral containers.
-
ports ([]Object) Ports are not allowed for ephemeral containers.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Resources are not allowed for ephemeral containers. Ephemeral containers
use spare resources already allocated to the pod.
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) Optional: SecurityContext defines the security options the ephemeral
container should be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) Probes are not allowed for ephemeral containers.
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- targetContainerName (string) If set, the name of the container from PodSpec that this ephemeral
container targets. The ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then the ephemeral container
uses the namespaces configured in the Pod spec.
The container runtime must implement support for this feature. If the
runtime does not support namespace targeting then the result of setting
this field is undefined.
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Subpath mounts are
not allowed for ephemeral containers. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
-
hostAliases ([]Object) HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
- hostnames ([]string) Hostnames for the above IP address.
- ip (string) IP address of the host file entry.
-
- hostIPC (boolean) Use the host's ipc namespace. Optional: Default to false.
- hostNetwork (boolean) Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified.
Default to false.
- hostPID (boolean) Use the host's pid namespace. Optional: Default to false.
- hostname (string) Specifies the hostname of the Pod If not specified, the pod's hostname will
be set to a system-defined value.
-
imagePullSecrets ([]Object) ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
initContainers ([]Object) List of initialization containers belonging to the pod. Init containers are
executed in order prior to containers being started. If any init container
fails, the pod is considered to have failed and is handled according to its
restartPolicy. The name for an init container or normal container must be
unique among all containers. Init containers may not have Lifecycle
actions, Readiness probes, Liveness probes, or Startup probes. The
resourceRequirements of an init container are taken into account during
scheduling by finding the highest request/limit for each resource type, and
then using the max of of that value or the sum of the normal containers.
Limits are applied to init containers in a similar fashion. Init containers
cannot currently be added or removed. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
A single application container that you want to run within a pod.
- args ([]string) Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are reduced to a single $,
which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- command ([]string) Entrypoint array. Not executed within a shell. The docker image's
ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container's environment. If a variable cannot be
resolved, the reference in the input string will be unchanged. Double $$
are reduced to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
env ([]Object) List of environment variables to set in the container. Cannot be updated.
EnvVar represents an environment variable present in a Container.
- name (string) Name of the environment variable. Must be a C_IDENTIFIER.
- value (string) Variable references $(VAR_NAME) are expanded using the previously defined
environment variables in the container and any service environment
variables. If a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never be expanded,
regardless of whether the variable exists or not. Defaults to "".
-
valueFrom (Object) Source for the environment variable's value. Cannot be used if value is not
empty.
EnvVarSource represents a source for the value of an EnvVar.
-
configMapKeyRef (Object) Selects a key of a ConfigMap.
Selects a key from a ConfigMap.
- key (string) The key to select.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its key must be defined
-
-
fieldRef (Object) Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['(KEY)']`, `metadata.annotations['(KEY)']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
secretKeyRef (Object) Selects a key of a secret in the pod's namespace
SecretKeySelector selects a key of a Secret.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
-
-
envFrom ([]Object) List of sources to populate environment variables in the container. The
keys defined within a source must be a C_IDENTIFIER. All invalid keys will
be reported as an event when the container is starting. When a key exists
in multiple sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key will take
precedence. Cannot be updated.
EnvFromSource represents the source of a set of ConfigMaps
-
configMapRef (Object) The ConfigMap to select from
ConfigMapEnvSource selects a ConfigMap to populate the environment
variables with.
The contents of the target ConfigMap's Data field will represent the
key-value pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap must be defined
-
- prefix (string) An optional identifier to prepend to each key in the ConfigMap. Must be a
C_IDENTIFIER.
-
secretRef (Object) The Secret to select from
SecretEnvSource selects a Secret to populate the environment variables
with.
The contents of the target Secret's Data field will represent the key-value
pairs as environment variables.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret must be defined
-
-
- image (string) Docker image name. More info:
https://kubernetes.io/docs/concepts/containers/images This field is
optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
- imagePullPolicy (string) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
-
lifecycle (Object) Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
-
postStart (Object) PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
preStop (Object) PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown
begins before the PreStop hook is executed. Regardless of the outcome of
the handler, the container will eventually terminate within the Pod's
termination grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until the termination
grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
LifecycleHandler defines a specific action that should be taken in a
lifecycle hook. One and only one of the fields, except TCPSocket must be
specified.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
-
tcpSocket (Object) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for
the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
-
-
-
livenessProbe (Object) Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- name (string) Name of the container specified as a DNS_LABEL. Each container in a pod
must have a unique name (DNS_LABEL). Cannot be updated.
-
ports ([]Object) List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
- containerPort (integer) Number of port to expose on the pod's IP address. This must be a valid port
number, 0 ( x ( 65536.
- hostIP (string) What host IP to bind the external port to.
- hostPort (integer) Number of port to expose on the host. If specified, this must be a valid
port number, 0 ( x ( 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
- name (string) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
- protocol (string) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-
readinessProbe (Object) Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-
resources (Object) Compute Resources required by this container. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
securityContext (Object) SecurityContext defines the security options the container should be run
with. If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext holds security configuration that will be applied to a
container. Some fields are present in both SecurityContext and
PodSecurityContext. When both are set, the values in SecurityContext take
precedence.
- allowPrivilegeEscalation (boolean) AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if the
no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is: 1) run as
Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
spec.os.name is windows.
-
capabilities (Object) The capabilities to add/drop when running containers. Defaults to the
default set of capabilities granted by the container runtime. Note that
this field cannot be set when spec.os.name is windows.
Adds and removes POSIX capabilities from running containers.
- add ([]string) Added capabilities
- drop ([]string) Removed capabilities
-
- privileged (boolean) Run container in privileged mode. Processes in privileged containers are
essentially equivalent to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is windows.
- procMount (string) procMount denotes the type of proc mount to use for the containers. The
default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths. This requires the ProcMountType feature
flag to be enabled. Note that this field cannot be set when spec.os.name is
windows.
- readOnlyRootFilesystem (boolean) Whether this container has a read-only root filesystem. Default is false.
Note that this field cannot be set when spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to the container. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options override
the pod options. Note that this field cannot be set when spec.os.name is
windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options from the PodSecurityContext will be used. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
-
startupProbe (Object) StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
-
exec (Object) Exec specifies the action to take.
ExecAction describes a "run in container" action.
- command ([]string) Command is the command line to execute inside the container, the working
directory for the command is root ('/') in the container's filesystem. The
command is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell, you need to
explicitly call out to that shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
-
- failureThreshold (integer) Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
-
grpc (Object) GRPC specifies an action involving a GRPC port. This is an alpha field and
requires enabling GRPCContainerProbe feature gate.
- port (integer) Port number of the gRPC service. Number must be in the range 1 to 65535.
- service (string) Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
-
httpGet (Object) HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
- host (string) Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
-
httpHeaders ([]Object) Custom headers to set in the request. HTTP allows repeated headers.
HTTPHeader describes a custom header to be used in HTTP probes
- name (string) The header field name
- value (string) The header field value
-
- path (string) Path to access on the HTTP server.
- port (string) Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- scheme (string) Scheme to use for connecting to the host. Defaults to HTTP.
-
- initialDelaySeconds (integer) Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- periodSeconds (integer) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
- successThreshold (integer) Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
-
tcpSocket (Object) TCPSocket specifies an action involving a TCP port.
TCPSocketAction describes an action based on opening a socket
- host (string) Optional: Host name to connect to, defaults to the pod IP.
- port (string) Number or name of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
- timeoutSeconds (integer) Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- stdin (boolean) Whether this container should allocate a buffer for stdin in the container
runtime. If this is not set, reads from stdin in the container will always
result in EOF. Default is false.
- stdinOnce (boolean) Whether the container runtime should close the stdin channel after it has
been opened by a single attach. When stdin is true the stdin stream will
remain open across multiple attach sessions. If stdinOnce is set to true,
stdin is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains closed until the
container is restarted. If this flag is false, a container processes that
reads from stdin will never receive an EOF. Default is false
- terminationMessagePath (string) Optional: Path at which the file to which the container's termination
message will be written is mounted into the container's filesystem. Message
written is intended to be brief final status, such as an assertion failure
message. Will be truncated by the node if greater than 4096 bytes. The
total message length across all containers will be limited to 12kb.
Defaults to /dev/termination-log. Cannot be updated.
- terminationMessagePolicy (string) Indicate how the termination message should be populated. File will use the
contents of terminationMessagePath to populate the container status message
on both success and failure. FallbackToLogsOnError will use the last chunk
of container log output if the termination message file is empty and the
container exited with an error. The log output is limited to 2048 bytes or
80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- tty (boolean) Whether this container should allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
-
volumeDevices ([]Object) volumeDevices is the list of block devices to be used by the container.
volumeDevice describes a mapping of a raw block device within a container.
- devicePath (string) devicePath is the path inside of the container that the device will be
mapped to.
- name (string) name must match the name of a persistentVolumeClaim in the pod
-
-
volumeMounts ([]Object) Pod volumes to mount into the container's filesystem. Cannot be updated.
VolumeMount describes a mounting of a Volume within a container.
- mountPath (string) Path within the container at which the volume should be mounted. Must not
contain ':'.
- mountPropagation (string) mountPropagation determines how mounts are propagated from the host to
container and the other way around. When not set, MountPropagationNone is
used. This field is beta in 1.10.
- name (string) This must match the Name of a Volume.
- readOnly (boolean) Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
- subPath (string) Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
- subPathExpr (string) Expanded path within the volume from which the container's volume should be
mounted. Behaves similarly to SubPath but environment variable references
$(VAR_NAME) are expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
-
- workingDir (string) Container's working directory. If not specified, the container runtime's
default will be used, which might be configured in the container image.
Cannot be updated.
-
- nodeName (string) NodeName is a request to schedule this pod onto a specific node. If it is
non-empty, the scheduler simply schedules this pod onto that node, assuming
that it fits resource requirements.
- nodeSelector (map[string]string) NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on
that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-
os (Object) Specifies the OS of the containers in the pod. Some pod and container
fields are restricted if this is set.
If the OS field is set to linux, the following fields must be unset:
-securityContext.windowsOptions
If the OS field is set to windows, following fields must be unset: -
spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions -
spec.securityContext.seccompProfile - spec.securityContext.fsGroup -
spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls -
spec.shareProcessNamespace - spec.securityContext.runAsUser -
spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups -
spec.containers[*].securityContext.seLinuxOptions -
spec.containers[*].securityContext.seccompProfile -
spec.containers[*].securityContext.capabilities -
spec.containers[*].securityContext.readOnlyRootFilesystem -
spec.containers[*].securityContext.privileged -
spec.containers[*].securityContext.allowPrivilegeEscalation -
spec.containers[*].securityContext.procMount -
spec.containers[*].securityContext.runAsUser -
spec.containers[*].securityContext.runAsGroup This is an alpha field and
requires the IdentifyPodOS feature
PodOS defines the OS parameters of a pod.
- name (string) Name is the name of the operating system. The currently supported values
are linux and windows. Additional value may be defined in future and can be
one of:
https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and treat unrecognized
values in this field as os: null
-
- overhead (map[string]string) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. This field will be autopopulated at admission time by
the RuntimeClass admission controller. If the RuntimeClass admission
controller is enabled, overhead must not be set in Pod create requests. The
RuntimeClass admission controller will reject Pod create requests which
have the overhead already set. If RuntimeClass is configured and selected
in the PodSpec, Overhead will be set to the value defined in the
corresponding RuntimeClass, otherwise it will remain unset and treated as
zero. More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
This field is beta-level as of Kubernetes v1.18, and is only honored by
servers that enable the PodOverhead feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- priority (integer) The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
- priorityClassName (string) If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
-
readinessGates ([]Object) If specified, all readiness gates will be evaluated for pod readiness. A
pod is ready when all its containers are ready AND all conditions specified
in the readiness gates have status equal to "True" More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
PodReadinessGate contains the reference to a pod condition
- conditionType (string) ConditionType refers to a condition in the pod's condition list with
matching type.
-
- restartPolicy (string) Restart policy for all containers within the pod. One of Always, OnFailure,
Never. Default to Always. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName (string) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
which should be used to run this pod. If no RuntimeClass resource matches
the named class, the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with an empty
definition that uses the default runtime handler. More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a
beta feature as of Kubernetes v1.14.
- schedulerName (string) If specified, the pod will be dispatched by specified scheduler. If not
specified, the pod will be dispatched by default scheduler.
-
securityContext (Object) SecurityContext holds pod-level security attributes and common container
settings. Optional: Defaults to empty. See type description for default
values of each field.
PodSecurityContext holds pod-level security attributes and common container
settings. Some fields are also present in container.securityContext. Field
values of container.securityContext take precedence over field values of
PodSecurityContext.
- fsGroup (integer) A special supplemental group that applies to all containers in a pod. Some
volume types allow the Kubelet to change the ownership of that volume to be
owned by the pod:
1. The owning GID will be the FSGroup 2. The setgid bit is set (new files
created in the volume will be owned by FSGroup) 3. The permission bits are
OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy (string) fsGroupChangePolicy defines behavior of changing ownership and permission
of the volume before being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and permissions). It
will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always". If not
specified, "Always" is used. Note that this field cannot be set when
spec.os.name is windows.
- runAsGroup (integer) The GID to run the entrypoint of the container process. Uses runtime
default if unset. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
- runAsNonRoot (boolean) Indicates that the container must run as a non-root user. If true, the
Kubelet will validate the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it does. If unset or
false, no such validation will be performed. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
- runAsUser (integer) The UID to run the entrypoint of the container process. Defaults to user
specified in image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
-
seLinuxOptions (Object) The SELinux context to be applied to all containers. If unspecified, the
container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence for that container. Note that this field
cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
seccompProfile (Object) The seccomp options to use by the containers in this pod. Note that this
field cannot be set when spec.os.name is windows.
SeccompProfile defines a pod/container's seccomp profile settings. Only one
profile source may be set.
- localhostProfile (string) localhostProfile indicates a profile defined in a file on the node should
be used. The profile must be preconfigured on the node to work. Must be a
descending path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
- type (string) type indicates which kind of seccomp profile will be applied. Valid options
are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
-
- supplementalGroups ([]integer) A list of groups applied to the first process run in each container, in
addition to the container's primary GID. If unspecified, no groups will be
added to any container. Note that this field cannot be set when
spec.os.name is windows.
-
sysctls ([]Object) Sysctls hold a list of namespaced sysctls used for the pod. Pods with
unsupported sysctls (by the container runtime) might fail to launch. Note
that this field cannot be set when spec.os.name is windows.
Sysctl defines a kernel parameter to be set
- name (string) Name of a property to set
- value (string) Value of a property to set
-
-
windowsOptions (Object) The Windows specific settings applied to all containers. If unspecified,
the options within a container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this field cannot be set when
spec.os.name is linux.
WindowsSecurityContextOptions contain Windows-specific options and
credentials.
- gmsaCredentialSpec (string) GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
the GMSA credential spec named by the GMSACredentialSpecName field.
- gmsaCredentialSpecName (string) GMSACredentialSpecName is the name of the GMSA credential spec to use.
- hostProcess (boolean) HostProcess determines if a container should be run as a 'Host Process'
container. This field is alpha-level and will only be honored by components
that enable the WindowsHostProcessContainers feature flag. Setting this
field without the feature flag will result in errors when validating the
Pod. All of a Pod's containers must have the same effective HostProcess
value (it is not allowed to have a mix of HostProcess containers and
non-HostProcess containers). In addition, if HostProcess is true then
HostNetwork must also be set to true.
- runAsUserName (string) The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified. May also
be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence.
-
-
- serviceAccount (string) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
Deprecated: Use serviceAccountName instead.
- serviceAccountName (string) ServiceAccountName is the name of the ServiceAccount to use to run this
pod. More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- setHostnameAsFQDN (boolean) If true the pod's hostname will be configured as the pod's FQDN, rather
than the leaf name (the default). In Linux containers, this means setting
the FQDN in the hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
FQDN. If a pod does not have FQDN, this has no effect. Default to false.
- shareProcessNamespace (boolean) Share a single process namespace between all of the containers in a pod.
When this is set containers will be able to view and signal processes from
other containers in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
be set. Optional: Default to false.
- subdomain (string) If specified, the fully qualified Pod hostname will be
"(hostname).(subdomain).(pod namespace).svc.(cluster domain)". If not
specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds (integer) Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
-
tolerations ([]Object) If specified, the pod's tolerations.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
topologySpreadConstraints ([]Object) TopologySpreadConstraints describes how a group of pods ought to spread
across topology domains. Scheduler will schedule pods in a way which abides
by the constraints. All topologySpreadConstraints are ANDed.
TopologySpreadConstraint specifies how to spread matching pods among the
given topology.
-
labelSelector (Object) LabelSelector is used to find matching pods. Pods that match this label
selector are counted to determine the number of pods in their corresponding
topology domain.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- maxSkew (integer) MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted
difference between the number of matching pods in the target topology and
the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1,
and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 |
zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the
ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2,
incoming pod can be scheduled onto any zone. When
`whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to
topologies that satisfy it. It's a required field. Default value is 1 and 0
is not allowed.
- topologyKey (string) TopologyKey is the key of node labels. Nodes that have a label with this
key and identical values are considered to be in the same topology. We
consider each (key, value) as a "bucket", and try to put balanced number of
pods into each bucket. It's a required field.
- whenUnsatisfiable (string) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint. - DoNotSchedule (default) tells the scheduler not to
schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in
any location, but giving higher precedence to topologies that would help
reduce the skew. A constraint is considered "Unsatisfiable" for an incoming
pod if and only if every possible node assignment for that pod would
violate "MaxSkew" on some topology. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to
DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become
3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler won't make
it *more* imbalanced. It's a required field.
-
-
volumes ([]Object) List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
Volume represents a named volume in a pod that may be accessed by any
container in the pod.
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- shareName (string) Share Name
-
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
configMap (Object) ConfigMap represents a configMap that should populate this volume
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a
volume as files using the keys in the Data field as the file names, unless
the items element is populated with specific mappings of keys to paths.
ConfigMap volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
csi (Object) CSI (Container Storage Interface) represents ephemeral storage that is
handled by certain external CSI drivers (Beta feature).
Represents a source location of a volume to mount, managed by an external
CSI driver
- driver (string) Driver is the name of the CSI driver that handles this volume. Consult with
your admin for the correct name as registered in the cluster.
- fsType (string) Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the
empty value is passed to the associated CSI driver which will determine the
default filesystem to apply.
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secret references are passed.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- readOnly (boolean) Specifies a read-only configuration for the volume. Defaults to false
(read/write).
- volumeAttributes (map[string]string) VolumeAttributes stores driver-specific properties that are passed to the
CSI driver. Consult your driver's documentation for supported values.
-
-
downwardAPI (Object) DownwardAPI represents downward API about the pod that should populate this
volume
DownwardAPIVolumeSource represents a volume containing downward API info.
Downward API volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits to use on created files by default. Must be a Optional:
mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) Items is a list of downward API volume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
emptyDir (Object) EmptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Represents an empty directory for a pod. Empty directory volumes support
ownership management and SELinux relabeling.
- medium (string) What type of storage medium should back this directory. The default is ""
which means to use the node's default medium. Must be an empty string
(default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- sizeLimit (string) Total amount of local storage required for this EmptyDir volume. The size
limit is also applicable for memory medium. The maximum usage on memory
medium EmptyDir would be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers in a pod. The default
is nil which means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
ephemeral (Object) Ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be
created before the pod starts, and deleted when the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features
of normal volumes like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage class, and d)
the storage driver supports dynamic volume provisioning through a
PersistentVolumeClaim (see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the driver for more
information.
A pod can use both types of ephemeral volumes and persistent volumes at the
same time.
Represents an ephemeral volume that is handled by a normal storage driver.
-
volumeClaimTemplate (Object) Will be used to create a stand-alone PVC to provision the volume. The pod
in which this EphemeralVolumeSource is embedded will be the owner of the
PVC, i.e. the PVC will be deleted together with the pod. The name of the
PVC will be `(pod name)-(volume name)` where `(volume name)` is the name
from the `PodSpec.Volumes` array entry. Pod validation will reject the pod
if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will *not* be
used for the pod to avoid using an unrelated volume by mistake. Starting
the pod is then blocked until the unrelated PVC is removed. If such a
pre-created PVC is meant to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists. Normally this should not
be necessary, but it may be useful when manually reconstructing a broken
cluster.
This field is read-only and no changes will be made by Kubernetes to the
PVC after it has been created.
Required, must not be nil.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim
objects as part of an EphemeralVolumeSource.
-
metadata (Object) May contain labels and annotations that will be copied into the PVC when
creating it. No other fields are allowed and will be rejected during
validation.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are also valid here.
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine.
This depends on the Flocker control service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
gitRepo (Object) GitRepo represents a git repository at a particular revision. DEPRECATED:
GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod's container.
Represents a volume that is populated with the contents of a git
repository. Git repo volumes do not support ownership management. Git repo
volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that clones the repo using
git, then mount the EmptyDir into the Pod's container.
- directory (string) Target directory name. Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git repository. Otherwise, if
specified, the volume will contain the git repository in the subdirectory
with the given name.
- repository (string) Repository URL
- revision (string) Commit hash for the specified revision.
-
-
glusterfs (Object) Glusterfs represents a Glusterfs mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a pre-existing file or directory on the host machine
that is directly exposed to the container. This is generally used for
system agents or other privileged things that are allowed to see the host
machine. Most containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write
once. ISCSI volumes support ownership management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
- name (string) Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
nfs (Object) NFS represents an NFS mount on the host that shares a pod's lifetime More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
persistentVolumeClaim (Object) PersistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimVolumeSource references the user's PVC in the same
namespace. This volume finds the bound PV and mounts that volume for the
pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around
another type of volume that is owned by someone else (the system).
- claimName (string) ClaimName is the name of a PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- readOnly (boolean) Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
projected (Object) Items for all in one resources secrets, configmaps, and downward API
Represents a projected volume source
- defaultMode (integer) Mode bits used to set permissions on created files by default. Must be an
octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected by this
setting. This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
-
sources ([]Object) list of volume projections
Projection that may be projected along with other supported volume types
-
configMap (Object) information about the configMap data to project
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names, unless the items element is populated with specific mappings of keys
to paths. Note that this is identical to a configmap volume source without
the default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the ConfigMap, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the ConfigMap or its keys must be defined
-
-
downwardAPI (Object) information about the downwardAPI data to project
Represents downward API info for projecting into a projected volume. Note
that this is identical to a downwardAPI volume source without the default
mode.
-
items ([]Object) Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing
the pod field
-
fieldRef (Object) Required: Selects a field of the pod: only annotations, labels, name and
namespace are supported.
ObjectFieldSelector selects an APIVersioned field of an object.
- apiVersion (string) Version of the schema the FieldPath is written in terms of, defaults to
"v1".
- fieldPath (string) Path of the field to select in the specified API version.
-
- mode (integer) Optional: mode bits used to set permissions on this file, must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) Required: Path is the relative path name of the file to be created. Must
not be absolute or contain the '..' path. Must be utf-8 encoded. The first
item of the relative path must not start with '..'
-
resourceFieldRef (Object) Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
supported.
ResourceFieldSelector represents container resources (cpu, memory) and
their output format
- containerName (string) Container name: required for volumes, optional for env vars
- divisor (string) Specifies the output format of the exposed resources, defaults to "1"
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- resource (string) Required: resource to select
-
-
-
-
secret (Object) information about the secret data to project
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a
projected volume as files using the keys in the Data field as the file
names. Note that this is identical to a secret volume source without the
default mode.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
serviceAccountToken (Object) information about the serviceAccountToken data to project
ServiceAccountTokenProjection represents a projected service account token
volume. This projection can be used to insert a service account token into
the pods runtime filesystem for use against APIs (Kubernetes API Server or
otherwise).
- audience (string) Audience is the intended audience of the token. A recipient of a token must
identify itself with an identifier specified in the audience of the token,
and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
- expirationSeconds (integer) ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
- path (string) Path is the path relative to the mount point of the file to project the
token into.
-
-
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
-
secret (Object) Secret represents a secret that should populate this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a
volume as files using the keys in the Data field as the file names. Secret
volumes support ownership management and SELinux relabeling.
- defaultMode (integer) Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
-
items ([]Object) If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the '..' path or start with '..'.
Maps a string key to a path within a volume.
- key (string) The key to project.
- mode (integer) Optional: mode bits used to set permissions on this file. Must be an octal
value between 0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal values for
mode bits. If not specified, the volume defaultMode will be used. This
might be in conflict with other options that affect the file mode, like
fsGroup, and the result can be other mode bits set.
- path (string) The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element '..'. May not start with the string
'..'.
-
- optional (boolean) Specify whether the Secret or its keys must be defined
- secretName (string) Name of the secret in the pod's namespace to use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-
storageos (Object) StorageOS represents a StorageOS volume attached and mounted on Kubernetes
nodes.
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
-
-
-
status (Object) Status is the most recently observed status of the replication controller.
This data may be out of date by some window of time. Populated by the
system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ReplicationControllerStatus represents the current status of a replication
controller.
- availableReplicas (integer) The number of available replicas (ready for at least minReadySeconds) for
this replication controller.
-
conditions ([]Object) Represents the latest available observations of a replication controller's
current state.
ReplicationControllerCondition describes the state of a replication
controller at a certain point.
- lastTransitionTime (string) The last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human readable message indicating details about the transition.
- reason (string) The reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of replication controller condition.
-
- fullyLabeledReplicas (integer) The number of pods that have labels matching the labels of the pod template
of the replication controller.
- observedGeneration (integer) ObservedGeneration reflects the generation of the most recently observed
replication controller.
- readyReplicas (integer) The number of ready replicas for this replication controller.
- replicas (integer) Replicas is the most recently oberved number of replicas. More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
-
-
-
ControllerRevision ControllerRevision implements an immutable snapshot of state data. Clients
are responsible for serializing and deserializing the objects that contain
their internal state. Once a ControllerRevision has been successfully
created, it can not be updated. The API Server will fail validation of all
requests that attempt to mutate the Data field. ControllerRevisions may,
however, be deleted. Note that, due to its use by both the DaemonSet and
StatefulSet controllers for update and rollback, this object is beta.
However, it may be subject to name and representation changes in future
releases, and clients should not depend on its stability. It is primarily
for internal use by controllers.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- data (map[string]) Data is the serialized representation of the state.
RawExtension is used to hold extensions in external versions.
To use this, make a field which has RawExtension as its type in your
external, versioned struct, and Object in your internal struct. You also
need to register your various plugin types.
// Internal package: type MyAPIObject struct { runtime.TypeMeta
`json:",inline"` MyPlugin runtime.Object `json:"myPlugin"` } type PluginA
struct { AOption string `json:"aOption"` }
// External package: type MyAPIObject struct { runtime.TypeMeta
`json:",inline"` MyPlugin runtime.RawExtension `json:"myPlugin"` } type
PluginA struct { AOption string `json:"aOption"` }
// On the wire, the JSON will look something like this: {
"kind":"MyAPIObject", "apiVersion":"v1", "myPlugin": { "kind":"PluginA",
"aOption":"foo", }, }
So what happens? Decode first uses json or yaml to unmarshal the serialized
data into your external MyAPIObject. That causes the raw JSON to be stored,
but not unpacked. The next step is to copy (using pkg/conversion) into the
internal struct. The runtime package's DefaultScheme has conversion
functions installed which will unpack the JSON stored in RawExtension,
turning it into the correct object type, and storing it in the Object.
(TODO: In the case where the object is of an unknown type, a
runtime.Unknown object will be created and stored.)
RawExtension is used to hold extensions in external versions.
To use this, make a field which has RawExtension as its type in your
external, versioned struct, and Object in your internal struct. You also
need to register your various plugin types.
// Internal package: type MyAPIObject struct { runtime.TypeMeta
`json:",inline"` MyPlugin runtime.Object `json:"myPlugin"` } type PluginA
struct { AOption string `json:"aOption"` }
// External package: type MyAPIObject struct { runtime.TypeMeta
`json:",inline"` MyPlugin runtime.RawExtension `json:"myPlugin"` } type
PluginA struct { AOption string `json:"aOption"` }
// On the wire, the JSON will look something like this: {
"kind":"MyAPIObject", "apiVersion":"v1", "myPlugin": { "kind":"PluginA",
"aOption":"foo", }, }
So what happens? Decode first uses json or yaml to unmarshal the serialized
data into your external MyAPIObject. That causes the raw JSON to be stored,
but not unpacked. The next step is to copy (using pkg/conversion) into the
internal struct. The runtime package's DefaultScheme has conversion
functions installed which will unpack the JSON stored in RawExtension,
turning it into the correct object type, and storing it in the Object.
(TODO: In the case where the object is of an unknown type, a
runtime.Unknown object will be created and stored.)
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- revision (integer) Revision indicates the revision of the state represented by Data.
-
Core
-
Node Node is a worker node in Kubernetes. Each node will have a unique
identifier in the cache (i.e. in etcd).
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the behavior of a node.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
NodeSpec describes the attributes that a node is created with.
-
configSource (Object) Deprecated. If specified, the source of the node's configuration. The
DynamicKubeletConfig feature gate must be enabled for the Kubelet to use
this field. This field is deprecated as of 1.22:
https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
NodeConfigSource specifies a source of node configuration. Exactly one
subfield (excluding metadata) must be non-nil. This API is deprecated since
1.22
-
configMap (Object) ConfigMap is a reference to a Node's ConfigMap
ConfigMapNodeConfigSource contains the information to reference a ConfigMap
as a config source for the Node. This API is deprecated since 1.22:
https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
- kubeletConfigKey (string) KubeletConfigKey declares which key of the referenced ConfigMap corresponds
to the KubeletConfiguration structure This field is required in all cases.
- name (string) Name is the metadata.name of the referenced ConfigMap. This field is
required in all cases.
- namespace (string) Namespace is the metadata.namespace of the referenced ConfigMap. This field
is required in all cases.
- resourceVersion (string) ResourceVersion is the metadata.ResourceVersion of the referenced
ConfigMap. This field is forbidden in Node.Spec, and required in
Node.Status.
- uid (string) UID is the metadata.UID of the referenced ConfigMap. This field is
forbidden in Node.Spec, and required in Node.Status.
-
-
- externalID (string) Deprecated. Not all kubelets will set this field. Remove field after 1.13.
see: https://issues.k8s.io/61966
- podCIDR (string) PodCIDR represents the pod IP range assigned to the node.
- podCIDRs ([]string) podCIDRs represents the IP ranges assigned to the node for usage by Pods on
that node. If this field is specified, the 0th entry must match the podCIDR
field. It may contain at most 1 value for each of IPv4 and IPv6.
- providerID (string) ID of the node assigned by the cloud provider in the format:
(ProviderName)://(ProviderSpecificNodeID)
-
taints ([]Object) If specified, the node's taints.
The node this Taint is attached to has the "effect" on any pod that does
not tolerate the Taint.
- effect (string) Required. The effect of the taint on pods that do not tolerate the taint.
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- key (string) Required. The taint key to be applied to a node.
- timeAdded (string) TimeAdded represents the time at which the taint was added. It is only
written for NoExecute taints.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- value (string) The taint value corresponding to the taint key.
-
- unschedulable (boolean) Unschedulable controls node schedulability of new pods. By default, node is
schedulable. More info:
https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
-
-
status (Object) Most recently observed status of the node. Populated by the system.
Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
NodeStatus is information about the current status of a node.
-
addresses ([]Object) List of addresses reachable to the node. Queried from cloud provider, if
available. More info:
https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field
is declared as mergeable, but the merge key is not sufficiently unique,
which can cause data corruption when it is merged. Callers should instead
use a full-replacement patch. See http://pr.k8s.io/79391 for an example.
NodeAddress contains information for the node's address.
- address (string) The node address.
- type (string) Node address type, one of Hostname, ExternalIP or InternalIP.
-
- allocatable (map[string]string) Allocatable represents the resources of a node that are available for
scheduling. Defaults to Capacity.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- capacity (map[string]string) Capacity represents the total resources of a node. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
conditions ([]Object) Conditions is an array of current observed node conditions. More info:
https://kubernetes.io/docs/concepts/nodes/node/#condition
NodeCondition contains condition information for a node.
- lastHeartbeatTime (string) Last time we got an update on a given condition.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastTransitionTime (string) Last time the condition transit from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human readable message indicating details about last transition.
- reason (string) (brief) reason for the condition's last transition.
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of node condition.
-
-
config (Object) Status of the config assigned to the node via the dynamic Kubelet config
feature.
NodeConfigStatus describes the status of the config assigned by
Node.Spec.ConfigSource.
-
active (Object) Active reports the checkpointed config the node is actively using. Active
will represent either the current version of the Assigned config, or the
current LastKnownGood config, depending on whether attempting to use the
Assigned config results in an error.
NodeConfigSource specifies a source of node configuration. Exactly one
subfield (excluding metadata) must be non-nil. This API is deprecated since
1.22
-
configMap (Object) ConfigMap is a reference to a Node's ConfigMap
ConfigMapNodeConfigSource contains the information to reference a ConfigMap
as a config source for the Node. This API is deprecated since 1.22:
https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
- kubeletConfigKey (string) KubeletConfigKey declares which key of the referenced ConfigMap corresponds
to the KubeletConfiguration structure This field is required in all cases.
- name (string) Name is the metadata.name of the referenced ConfigMap. This field is
required in all cases.
- namespace (string) Namespace is the metadata.namespace of the referenced ConfigMap. This field
is required in all cases.
- resourceVersion (string) ResourceVersion is the metadata.ResourceVersion of the referenced
ConfigMap. This field is forbidden in Node.Spec, and required in
Node.Status.
- uid (string) UID is the metadata.UID of the referenced ConfigMap. This field is
forbidden in Node.Spec, and required in Node.Status.
-
-
-
assigned (Object) Assigned reports the checkpointed config the node will try to use. When
Node.Spec.ConfigSource is updated, the node checkpoints the associated
config payload to local disk, along with a record indicating intended
config. The node refers to this record to choose its config checkpoint, and
reports this record in Assigned. Assigned only updates in the status after
the record has been checkpointed to disk. When the Kubelet is restarted, it
tries to make the Assigned config the Active config by loading and
validating the checkpointed payload identified by Assigned.
NodeConfigSource specifies a source of node configuration. Exactly one
subfield (excluding metadata) must be non-nil. This API is deprecated since
1.22
-
configMap (Object) ConfigMap is a reference to a Node's ConfigMap
ConfigMapNodeConfigSource contains the information to reference a ConfigMap
as a config source for the Node. This API is deprecated since 1.22:
https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
- kubeletConfigKey (string) KubeletConfigKey declares which key of the referenced ConfigMap corresponds
to the KubeletConfiguration structure This field is required in all cases.
- name (string) Name is the metadata.name of the referenced ConfigMap. This field is
required in all cases.
- namespace (string) Namespace is the metadata.namespace of the referenced ConfigMap. This field
is required in all cases.
- resourceVersion (string) ResourceVersion is the metadata.ResourceVersion of the referenced
ConfigMap. This field is forbidden in Node.Spec, and required in
Node.Status.
- uid (string) UID is the metadata.UID of the referenced ConfigMap. This field is
forbidden in Node.Spec, and required in Node.Status.
-
-
- error (string) Error describes any problems reconciling the Spec.ConfigSource to the
Active config. Errors may occur, for example, attempting to checkpoint
Spec.ConfigSource to the local Assigned record, attempting to checkpoint
the payload associated with Spec.ConfigSource, attempting to load or
validate the Assigned config, etc. Errors may occur at different points
while syncing config. Earlier errors (e.g. download or checkpointing
errors) will not result in a rollback to LastKnownGood, and may resolve
across Kubelet retries. Later errors (e.g. loading or validating a
checkpointed config) will result in a rollback to LastKnownGood. In the
latter case, it is usually possible to resolve the error by fixing the
config assigned in Spec.ConfigSource. You can find additional information
for debugging by searching the error message in the Kubelet log. Error is a
human-readable description of the error state; machines can check whether
or not Error is empty, but should not rely on the stability of the Error
text across Kubelet versions.
-
lastKnownGood (Object) LastKnownGood reports the checkpointed config the node will fall back to
when it encounters an error attempting to use the Assigned config. The
Assigned config becomes the LastKnownGood config when the node determines
that the Assigned config is stable and correct. This is currently
implemented as a 10-minute soak period starting when the local record of
Assigned config is updated. If the Assigned config is Active at the end of
this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource
is reset to nil (use local defaults), the LastKnownGood is also immediately
reset to nil, because the local default config is always assumed good. You
should not make assumptions about the node's method of determining config
stability and correctness, as this may change or become configurable in the
future.
NodeConfigSource specifies a source of node configuration. Exactly one
subfield (excluding metadata) must be non-nil. This API is deprecated since
1.22
-
configMap (Object) ConfigMap is a reference to a Node's ConfigMap
ConfigMapNodeConfigSource contains the information to reference a ConfigMap
as a config source for the Node. This API is deprecated since 1.22:
https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
- kubeletConfigKey (string) KubeletConfigKey declares which key of the referenced ConfigMap corresponds
to the KubeletConfiguration structure This field is required in all cases.
- name (string) Name is the metadata.name of the referenced ConfigMap. This field is
required in all cases.
- namespace (string) Namespace is the metadata.namespace of the referenced ConfigMap. This field
is required in all cases.
- resourceVersion (string) ResourceVersion is the metadata.ResourceVersion of the referenced
ConfigMap. This field is forbidden in Node.Spec, and required in
Node.Status.
- uid (string) UID is the metadata.UID of the referenced ConfigMap. This field is
forbidden in Node.Spec, and required in Node.Status.
-
-
-
-
daemonEndpoints (Object) Endpoints of daemons running on the Node.
NodeDaemonEndpoints lists ports opened by daemons running on the Node.
-
kubeletEndpoint (Object) Endpoint on which Kubelet is listening.
DaemonEndpoint contains information about a single Daemon endpoint.
- Port (integer) Port number of the given endpoint.
-
-
-
images ([]Object) List of container images on this node
Describe a container image
- names ([]string) Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7",
"dockerhub.io/google_containers/hyperkube:v1.0.7"]
- sizeBytes (integer) The size of the image in bytes.
-
-
nodeInfo (Object) Set of ids/uuids to uniquely identify the node. More info:
https://kubernetes.io/docs/concepts/nodes/node/#info
NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
- architecture (string) The Architecture reported by the node
- bootID (string) Boot ID reported by the node.
- containerRuntimeVersion (string) ContainerRuntime Version reported by the node through runtime remote API
(e.g. docker://1.5.0).
- kernelVersion (string) Kernel Version reported by the node from 'uname -r' (e.g.
3.16.0-0.bpo.4-amd64).
- kubeProxyVersion (string) KubeProxy Version reported by the node.
- kubeletVersion (string) Kubelet Version reported by the node.
- machineID (string) MachineID reported by the node. For unique machine identification in the
cluster this field is preferred. Learn more from man(5) machine-id:
http://man7.org/linux/man-pages/man5/machine-id.5.html
- operatingSystem (string) The Operating System reported by the node
- osImage (string) OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7
(wheezy)).
- systemUUID (string) SystemUUID reported by the node. For unique machine identification
MachineID is preferred. This field is specific to Red Hat hosts
https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
-
- phase (string) NodePhase is the recently observed lifecycle phase of the node. More info:
https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never
populated, and now is deprecated.
-
volumesAttached ([]Object) List of volumes that are attached to the node.
AttachedVolume describes a volume attached to a node
- devicePath (string) DevicePath represents the device path where the volume should be available
- name (string) Name of the attached volume
-
- volumesInUse ([]string) List of attachable volumes in use (mounted) by the node.
-
-
-
Namespace Namespace provides a scope for Names. Use of multiple namespaces is
optional.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the behavior of the Namespace. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
NamespaceSpec describes the attributes on a Namespace.
- finalizers ([]string) Finalizers is an opaque list of values that must be empty to permanently
remove object from storage. More info:
https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
-
-
status (Object) Status describes the current status of a Namespace. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
NamespaceStatus is information about the current status of a Namespace.
-
conditions ([]Object) Represents the latest available observations of a namespace's current
state.
NamespaceCondition contains details about state of namespace.
- lastTransitionTime (string)
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) (empty)
- reason (string) (empty)
- status (string) Status of the condition, one of True, False, Unknown.
- type (string) Type of namespace controller condition.
-
- phase (string) Phase is the current lifecycle phase of the namespace. More info:
https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
-
-
-
Event Event is a report of an event somewhere in the cluster. Events have a
limited retention time and triggers and messages may evolve with time.
Event consumers should not rely on the timing of an event with a given
Reason reflecting a consistent underlying trigger, or the continued
existence of events with that Reason. Events should be treated as
informative, best-effort, supplemental data.
- action (string) What action was taken/failed regarding to the Regarding object.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- count (integer) The number of times this event has occurred.
- eventTime (string) Time when this Event was first observed.
MicroTime is version of Time with microsecond level precision.
- firstTimestamp (string) The time at which the event was first recorded. (Time of server receipt is
in TypeMeta.)
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
involvedObject (Object) The object that this event is about.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- lastTimestamp (string) The time at which the most recent occurrence of this event was recorded.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) A human-readable description of the status of this operation.
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- reason (string) This should be a short, machine understandable string that gives the reason
for the transition into the object's current status.
-
related (Object) Optional secondary object for more complex actions.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- reportingComponent (string) Name of the controller that emitted this Event, e.g.
`kubernetes.io/kubelet`.
- reportingInstance (string) ID of the controller instance, e.g. `kubelet-xyzf`.
-
series (Object) Data about the Event series this event represents or nil if it's a
singleton Event.
EventSeries contain information on series of events, i.e. thing that was/is
happening continuously for some time.
- count (integer) Number of occurrences in this series up to the last heartbeat time
- lastObservedTime (string) Time of the last occurrence observed
MicroTime is version of Time with microsecond level precision.
-
-
source (Object) The component reporting this event. Should be a short machine
understandable string.
EventSource contains information for an event.
- component (string) Component from which the event is generated.
- host (string) Node name on which the event is generated.
-
- type (string) Type of this event (Normal, Warning), new types could be added in the
future
-
Maps
-
ConfigMap ConfigMap holds configuration data for pods to consume.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- binaryData (map[string]string) BinaryData contains the binary data. Each key must consist of alphanumeric
characters, '-', '_' or '.'. BinaryData can contain byte sequences that are
not in the UTF-8 range. The keys stored in BinaryData must not overlap with
the ones in the Data field, this is enforced during validation process.
Using this field will require 1.10+ apiserver and kubelet.
- data (map[string]string) Data contains the configuration data. Each key must consist of alphanumeric
characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use
the BinaryData field. The keys stored in Data must not overlap with the
keys in the BinaryData field, this is enforced during validation process.
- immutable (boolean) Immutable, if set to true, ensures that data stored in the ConfigMap cannot
be updated (only object metadata can be modified). If not set to true, the
field can be modified at any time. Defaulted to nil.
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
-
Secret Secret holds secret data of a certain type. The total bytes of the values
in the Data field must be less than MaxSecretSize bytes.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- data (map[string]string) Data contains the secret data. Each key must consist of alphanumeric
characters, '-', '_' or '.'. The serialized form of the secret data is a
base64 encoded string, representing the arbitrary (possibly non-string)
data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
- immutable (boolean) Immutable, if set to true, ensures that data stored in the Secret cannot be
updated (only object metadata can be modified). If not set to true, the
field can be modified at any time. Defaulted to nil.
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- stringData (map[string]string) stringData allows specifying non-binary secret data in string form. It is
provided as a write-only input field for convenience. All keys and values
are merged into the data field on write, overwriting any existing values.
The stringData field is never output when reading from the API.
- type (string) Used to facilitate programmatic handling of secret data. More info:
https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
-
Network
-
ServiceAccount ServiceAccount binds together: * a name, understood by users, and perhaps
by peripheral systems, for an identity * a principal that can be
authenticated and authorized * a set of secrets
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- automountServiceAccountToken (boolean) AutomountServiceAccountToken indicates whether pods running as this service
account should have an API token automatically mounted. Can be overridden
at the pod level.
-
imagePullSecrets ([]Object) ImagePullSecrets is a list of references to secrets in the same namespace
to use for pulling any images in pods that reference this ServiceAccount.
ImagePullSecrets are distinct from Secrets because Secrets can be mounted
in the pod, but ImagePullSecrets are only accessed by the kubelet. More
info:
https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
secrets ([]Object) Secrets is the list of secrets allowed to be used by pods running using
this ServiceAccount. More info:
https://kubernetes.io/docs/concepts/configuration/secret
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
-
Service Service is a named abstraction of software service (for example, mysql)
consisting of local port (for example 3306) that the proxy listens on, and
the selector that determines which pods will answer requests sent through
the proxy.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the behavior of a service.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ServiceSpec describes the attributes that a user creates on a service.
- allocateLoadBalancerNodePorts (boolean) allocateLoadBalancerNodePorts defines if NodePorts will be automatically
allocated for services with type LoadBalancer. Default is "true". It may be
set to "false" if the cluster load-balancer does not rely on NodePorts. If
the caller requests specific NodePorts (by specifying a value), those
requests will be respected, regardless of this field. This field may only
be set for services with type LoadBalancer and will be cleared if the type
is changed to any other type. This field is beta-level and is only honored
by servers that enable the ServiceLBNodePortControl feature.
- clusterIP (string) clusterIP is the IP address of the service and is usually assigned
randomly. If an address is specified manually, is in-range (as per system
configuration), and is not in use, it will be allocated to the service;
otherwise creation of the service will fail. This field may not be changed
through updates unless the type field is also being changed to ExternalName
(which requires this field to be blank) or the type field is being changed
from ExternalName (in which case this field may optionally be specified, as
describe above). Valid values are "None", empty string (""), or a valid IP
address. Setting this to "None" makes a "headless service" (no virtual IP),
which is useful when direct endpoint connections are preferred and proxying
is not required. Only applies to types ClusterIP, NodePort, and
LoadBalancer. If this field is specified when creating a Service of type
ExternalName, creation will fail. This field will be wiped when updating a
Service to type ExternalName. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- clusterIPs ([]string) ClusterIPs is a list of IP addresses assigned to this service, and are
usually assigned randomly. If an address is specified manually, is in-range
(as per system configuration), and is not in use, it will be allocated to
the service; otherwise creation of the service will fail. This field may
not be changed through updates unless the type field is also being changed
to ExternalName (which requires this field to be empty) or the type field
is being changed from ExternalName (in which case this field may optionally
be specified, as describe above). Valid values are "None", empty string
(""), or a valid IP address. Setting this to "None" makes a "headless
service" (no virtual IP), which is useful when direct endpoint connections
are preferred and proxying is not required. Only applies to types
ClusterIP, NodePort, and LoadBalancer. If this field is specified when
creating a Service of type ExternalName, creation will fail. This field
will be wiped when updating a Service to type ExternalName. If this field
is not specified, it will be initialized from the clusterIP field. If this
field is specified, clients must ensure that clusterIPs[0] and clusterIP
have the same value.
This field may hold a maximum of two entries (dual-stack IPs, in either
order). These IPs must correspond to the values of the ipFamilies field.
Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
- externalIPs ([]string) externalIPs is a list of IP addresses for which nodes in the cluster will
also accept traffic for this service. These IPs are not managed by
Kubernetes. The user is responsible for ensuring that traffic arrives at a
node with this IP. A common example is external load-balancers that are not
part of the Kubernetes system.
- externalName (string) externalName is the external reference that discovery mechanisms will
return as an alias for this service (e.g. a DNS CNAME record). No proxying
will be involved. Must be a lowercase RFC-1123 hostname
(https://tools.ietf.org/html/rfc1123) and requires `type` to be
"ExternalName".
- externalTrafficPolicy (string) externalTrafficPolicy denotes if this Service desires to route external
traffic to node-local or cluster-wide endpoints. "Local" preserves the
client source IP and avoids a second hop for LoadBalancer and Nodeport type
services, but risks potentially imbalanced traffic spreading. "Cluster"
obscures the client source IP and may cause a second hop to another node,
but should have good overall load-spreading.
- healthCheckNodePort (integer) healthCheckNodePort specifies the healthcheck nodePort for the service.
This only applies when type is set to LoadBalancer and
externalTrafficPolicy is set to Local. If a value is specified, is
in-range, and is not in use, it will be used. If not specified, a value
will be automatically allocated. External systems (e.g. load-balancers) can
use this port to determine if a given node holds endpoints for this service
or not. If this field is specified when creating a Service which does not
need it, creation will fail. This field will be wiped when updating a
Service to no longer need it (e.g. changing type).
- internalTrafficPolicy (string) InternalTrafficPolicy specifies if the cluster internal traffic should be
routed to all endpoints or node-local endpoints only. "Cluster" routes
internal traffic to a Service to all endpoints. "Local" routes traffic to
node-local endpoints only, traffic is dropped if no node-local endpoints
are ready. The default value is "Cluster".
- ipFamilies ([]string) IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
service. This field is usually assigned automatically based on cluster
configuration and the ipFamilyPolicy field. If this field is specified
manually, the requested family is available in the cluster, and
ipFamilyPolicy allows it, it will be used; otherwise creation of the
service will fail. This field is conditionally mutable: it allows for
adding or removing a secondary IP family, but it does not allow changing
the primary IP family of the Service. Valid values are "IPv4" and "IPv6".
This field only applies to Services of types ClusterIP, NodePort, and
LoadBalancer, and does apply to "headless" services. This field will be
wiped when updating a Service to type ExternalName.
This field may hold a maximum of two entries (dual-stack families, in
either order). These families must correspond to the values of the
clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed
by the ipFamilyPolicy field.
- ipFamilyPolicy (string) IPFamilyPolicy represents the dual-stack-ness requested or required by this
Service. If there is no value provided, then this field will be set to
SingleStack. Services can be "SingleStack" (a single IP family),
"PreferDualStack" (two IP families on dual-stack configured clusters or a
single IP family on single-stack clusters), or "RequireDualStack" (two IP
families on dual-stack configured clusters, otherwise fail). The ipFamilies
and clusterIPs fields depend on the value of this field. This field will be
wiped when updating a service to type ExternalName.
- loadBalancerClass (string) loadBalancerClass is the class of the load balancer implementation this
Service belongs to. If specified, the value of this field must be a
label-style identifier, with an optional prefix, e.g. "internal-vip" or
"example.com/internal-vip". Unprefixed names are reserved for end-users.
This field can only be set when the Service type is 'LoadBalancer'. If not
set, the default load balancer implementation is used, today this is
typically done through the cloud provider integration, but should apply for
any default implementation. If set, it is assumed that a load balancer
implementation is watching for Services with a matching class. Any default
load balancer implementation (e.g. cloud providers) should ignore Services
that set this field. This field can only be set when creating or updating a
Service to type 'LoadBalancer'. Once set, it can not be changed. This field
will be wiped when a service is updated to a non 'LoadBalancer' type.
- loadBalancerIP (string) Only applies to Service Type: LoadBalancer LoadBalancer will get created
with the IP specified in this field. This feature depends on whether the
underlying cloud-provider supports specifying the loadBalancerIP when a
load balancer is created. This field will be ignored if the cloud-provider
does not support the feature.
- loadBalancerSourceRanges ([]string) If specified and supported by the platform, this will restrict traffic
through the cloud-provider load-balancer will be restricted to the
specified client IPs. This field will be ignored if the cloud-provider does
not support the feature." More info:
https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
-
ports ([]Object) The list of ports that are exposed by this service. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
ServicePort contains information on service's port.
- appProtocol (string) The application protocol for this port. This field follows standard
Kubernetes label syntax. Un-prefixed names are reserved for IANA standard
service names (as per RFC-6335 and
http://www.iana.org/assignments/service-names). Non-standard protocols
should use prefixed names such as mycompany.com/my-custom-protocol.
- name (string) The name of this port within the service. This must be a DNS_LABEL. All
ports within a ServiceSpec must have unique names. When considering the
endpoints for a Service, this must match the 'name' field in the
EndpointPort. Optional if only one ServicePort is defined on this service.
- nodePort (integer) The port on each node on which this service is exposed when type is
NodePort or LoadBalancer. Usually assigned by the system. If a value is
specified, in-range, and not in use it will be used, otherwise the
operation will fail. If not specified, a port will be allocated if this
Service requires one. If this field is specified when creating a Service
which does not need it, creation will fail. This field will be wiped when
updating a Service to no longer need it (e.g. changing type from NodePort
to ClusterIP). More info:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- port (integer) The port that will be exposed by this service.
- protocol (string) The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default
is TCP.
- targetPort (string) Number or name of the port to access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If
this is a string, it will be looked up as a named port in the target Pod's
container ports. If this is not specified, the value of the 'port' field is
used (an identity map). This field is ignored for services with
clusterIP=None, and should be omitted or set equal to the 'port' field.
More info:
https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
- publishNotReadyAddresses (boolean) publishNotReadyAddresses indicates that any agent which deals with
endpoints for this Service should disregard any indications of
ready/not-ready. The primary use case for setting this field is for a
StatefulSet's Headless Service to propagate SRV DNS records for its Pods
for the purpose of peer discovery. The Kubernetes controllers that generate
Endpoints and EndpointSlice resources for Services interpret this to mean
that all endpoints are considered "ready" even if the Pods themselves are
not. Agents which consume only Kubernetes generated endpoints through the
Endpoints or EndpointSlice resources can safely assume this behavior.
- selector (map[string]string) Route service traffic to pods with label keys and values matching this
selector. If empty or not present, the service is assumed to have an
external process managing its endpoints, which Kubernetes will not modify.
Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if
type is ExternalName. More info:
https://kubernetes.io/docs/concepts/services-networking/service/
- sessionAffinity (string) Supports "ClientIP" and "None". Used to maintain session affinity. Enable
client IP based session affinity. Must be ClientIP or None. Defaults to
None. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
-
sessionAffinityConfig (Object) sessionAffinityConfig contains the configurations of session affinity.
SessionAffinityConfig represents the configurations of session affinity.
-
clientIP (Object) clientIP contains the configurations of Client IP based session affinity.
ClientIPConfig represents the configurations of Client IP based session
affinity.
- timeoutSeconds (integer) timeoutSeconds specifies the seconds of ClientIP type session sticky time.
The value must be )0 && (=86400(for 1 day) if ServiceAffinity ==
"ClientIP". Default value is 10800(for 3 hours).
-
-
- type (string) type determines how the Service is exposed. Defaults to ClusterIP. Valid
options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
"ClusterIP" allocates a cluster-internal IP address for load-balancing to
endpoints. Endpoints are determined by the selector or if that is not
specified, by manual construction of an Endpoints object or EndpointSlice
objects. If clusterIP is "None", no virtual IP is allocated and the
endpoints are published as a set of endpoints rather than a virtual IP.
"NodePort" builds on ClusterIP and allocates a port on every node which
routes to the same endpoints as the clusterIP. "LoadBalancer" builds on
NodePort and creates an external load-balancer (if supported in the current
cloud) which routes to the same endpoints as the clusterIP. "ExternalName"
aliases this service to the specified externalName. Several other fields do
not apply to ExternalName services. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-
-
status (Object) Most recently observed status of the service. Populated by the system.
Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ServiceStatus represents the current status of a service.
-
conditions ([]Object) Current service state
Condition contains details for one aspect of the current state of this API
Resource.
- lastTransitionTime (string) lastTransitionTime is the last time the condition transitioned from one
status to another. This should be when the underlying condition changed. If
that is not known, then using the time when the API field changed is
acceptable.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) message is a human readable message indicating details about the
transition. This may be an empty string.
- observedGeneration (integer) observedGeneration represents the .metadata.generation that the condition
was set based upon. For instance, if .metadata.generation is currently 12,
but the .status.conditions[x].observedGeneration is 9, the condition is out
of date with respect to the current state of the instance.
- reason (string) reason contains a programmatic identifier indicating the reason for the
condition's last transition. Producers of specific condition types may
define expected values and meanings for this field, and whether the values
are considered a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
- status (string) status of the condition, one of True, False, Unknown.
- type (string) type of condition in CamelCase or in foo.example.com/CamelCase.
-
-
loadBalancer (Object) LoadBalancer contains the current status of the load-balancer, if one is
present.
LoadBalancerStatus represents the status of a load-balancer.
-
ingress ([]Object) Ingress is a list containing ingress points for the load-balancer. Traffic
intended for the service should be sent to these ingress points.
LoadBalancerIngress represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
- hostname (string) Hostname is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)
- ip (string) IP is set for load-balancer ingress points that are IP based (typically GCE
or OpenStack load-balancers)
-
ports ([]Object) Ports is a list of records of service ports If used, every port defined in
the service should have an entry in it
- error (string) Error is to record the problem with the service port The format of the
error shall comply with the following rules: - built-in error values shall
be specified in this file and those shall use CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- port (integer) Port is the port number of the service port of which status is recorded
here
- protocol (string) Protocol is the protocol of the service port of which status is recorded
here The supported values are: "TCP", "UDP", "SCTP"
-
-
-
-
-
-
EndpointSlice EndpointSlice represents a subset of the endpoints that implement a
service. For a given service there may be multiple EndpointSlice objects,
selected by labels, which must be joined to produce the full set of
endpoints.
- addressType (string) addressType specifies the type of address carried by this EndpointSlice.
All addresses in this slice must be the same type. This field is immutable
after creation. The following address types are currently supported: *
IPv4: Represents an IPv4 Address. * IPv6: Represents an IPv6 Address. *
FQDN: Represents a Fully Qualified Domain Name.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
endpoints ([]Object) endpoints is a list of unique endpoints in this slice. Each slice may
include a maximum of 1000 endpoints.
Endpoint represents a single logical "backend" implementing a service.
- addresses ([]string) addresses of this endpoint. The contents of this field are interpreted
according to the corresponding EndpointSlice addressType field. Consumers
must handle different types of addresses in the context of their own
capabilities. This must contain at least one address but no more than 100.
-
conditions (Object) conditions contains information about the current status of the endpoint.
EndpointConditions represents the current condition of an endpoint.
- ready (boolean) ready indicates that this endpoint is prepared to receive traffic,
according to whatever system is managing the endpoint. A nil value
indicates an unknown state. In most cases consumers should interpret this
unknown state as ready. For compatibility reasons, ready should never be
"true" for terminating endpoints.
- serving (boolean) serving is identical to ready except that it is set regardless of the
terminating state of endpoints. This condition should be set to true for a
ready endpoint that is terminating. If nil, consumers should defer to the
ready condition. This field can be enabled with the
EndpointSliceTerminatingCondition feature gate.
- terminating (boolean) terminating indicates that this endpoint is terminating. A nil value
indicates an unknown state. Consumers should interpret this unknown state
to mean that the endpoint is not terminating. This field can be enabled
with the EndpointSliceTerminatingCondition feature gate.
-
- deprecatedTopology (map[string]string) deprecatedTopology contains topology information part of the v1beta1 API.
This field is deprecated, and will be removed when the v1beta1 API is
removed (no sooner than kubernetes v1.24). While this field can hold
values, it is not writable through the v1 API, and any attempts to write to
it will be silently ignored. Topology information can be found in the zone
and nodeName fields instead.
-
hints (Object) hints contains information associated with how an endpoint should be
consumed.
EndpointHints provides hints describing how an endpoint should be consumed.
-
forZones ([]Object) forZones indicates the zone(s) this endpoint should be consumed by to
enable topology aware routing.
ForZone provides information about which zones should consume this
endpoint.
- name (string) name represents the name of the zone.
-
-
- hostname (string) hostname of this endpoint. This field may be used by consumers of endpoints
to distinguish endpoints from each other (e.g. in DNS names). Multiple
endpoints which use the same hostname should be considered fungible (e.g.
multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123)
validation.
- nodeName (string) nodeName represents the name of the Node hosting this endpoint. This can be
used to determine endpoints local to a Node. This field can be enabled with
the EndpointSliceNodeName feature gate.
-
targetRef (Object) targetRef is a reference to a Kubernetes object that represents this
endpoint.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- zone (string) zone is the name of the Zone this endpoint exists in.
-
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
ports ([]Object) ports specifies the list of network ports exposed by each endpoint in this
slice. Each port must have a unique name. When ports is empty, it indicates
that there are no defined ports. When a port is defined with a nil port
value, it indicates "all ports". Each slice may include a maximum of 100
ports.
EndpointPort represents a Port used by an EndpointSlice
- appProtocol (string) The application protocol for this port. This field follows standard
Kubernetes label syntax. Un-prefixed names are reserved for IANA standard
service names (as per RFC-6335 and
http://www.iana.org/assignments/service-names). Non-standard protocols
should use prefixed names such as mycompany.com/my-custom-protocol.
- name (string) The name of this port. All ports in an EndpointSlice must have a unique
name. If the EndpointSlice is dervied from a Kubernetes service, this
corresponds to the Service.ports[].name. Name must either be an empty
string or pass DNS_LABEL validation: * must be no more than 63 characters
long. * must consist of lower case alphanumeric characters or '-'. * must
start and end with an alphanumeric character. Default is empty string.
- port (integer) The port number of the endpoint. If this is not specified, ports are not
restricted and must be interpreted in the context of the specific consumer.
- protocol (string) The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
-
-
-
Endpoints Endpoints is a collection of endpoints that implement the actual service.
Example: Name: "mysvc", Subsets: [
{
Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
},
{
Addresses: [{"ip": "10.10.3.3"}],
Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
},
]
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
subsets ([]Object) The set of all endpoints is the union of all subsets. Addresses are placed
into subsets according to the IPs they share. A single address with
multiple ports, some of which are ready and some of which are not (because
they come from different containers) will result in the address being
displayed in different subsets for the different ports. No address will
appear in both Addresses and NotReadyAddresses in the same subset. Sets of
addresses and ports that comprise a service.
EndpointSubset is a group of addresses with a common set of ports. The
expanded set of endpoints is the Cartesian product of Addresses x Ports.
For example, given:
{
Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
} The resulting set of endpoints can be viewed as:
a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
b: [ 10.10.1.1:309, 10.10.2.2:309 ]
-
addresses ([]Object) IP addresses which offer the related ports that are marked as ready. These
endpoints should be considered safe for load balancers and clients to
utilize.
EndpointAddress is a tuple that describes single IP address.
- hostname (string) The Hostname of this endpoint
- ip (string) The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local
(169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also
accepted but not fully supported on all platforms. Also, certain kubernetes
components, like kube-proxy, are not IPv6 ready.
- nodeName (string) Optional: Node hosting this endpoint. This can be used to determine
endpoints local to a node.
-
targetRef (Object) Reference to object providing the endpoint.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
-
notReadyAddresses ([]Object) IP addresses which offer the related ports but are not currently marked as
ready because they have not yet finished starting, have recently failed a
readiness check, or have recently failed a liveness check.
EndpointAddress is a tuple that describes single IP address.
- hostname (string) The Hostname of this endpoint
- ip (string) The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local
(169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also
accepted but not fully supported on all platforms. Also, certain kubernetes
components, like kube-proxy, are not IPv6 ready.
- nodeName (string) Optional: Node hosting this endpoint. This can be used to determine
endpoints local to a node.
-
targetRef (Object) Reference to object providing the endpoint.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
-
ports ([]Object) Port numbers available on the related IP addresses.
EndpointPort is a tuple that describes a single port.
- appProtocol (string) The application protocol for this port. This field follows standard
Kubernetes label syntax. Un-prefixed names are reserved for IANA standard
service names (as per RFC-6335 and
http://www.iana.org/assignments/service-names). Non-standard protocols
should use prefixed names such as mycompany.com/my-custom-protocol.
- name (string) The name of this port. This must match the 'name' field in the
corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port
is defined.
- port (integer) The port number of the endpoint.
- protocol (string) The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
-
-
-
-
NetworkPolicy NetworkPolicy describes what network traffic is allowed for a set of Pods
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior for this NetworkPolicy.
NetworkPolicySpec provides the specification of a NetworkPolicy
-
egress ([]Object) List of egress rules to be applied to the selected pods. Outgoing traffic
is allowed if there are no NetworkPolicies selecting the pod (and cluster
policy otherwise allows the traffic), OR if the traffic matches at least
one egress rule across all of the NetworkPolicy objects whose podSelector
matches the pod. If this field is empty then this NetworkPolicy limits all
outgoing traffic (and serves solely to ensure that the pods it selects are
isolated by default). This field is beta-level in 1.8
NetworkPolicyEgressRule describes a particular set of traffic that is
allowed out of pods matched by a NetworkPolicySpec's podSelector. The
traffic must match both ports and to. This type is beta-level in 1.8
-
ports ([]Object) List of destination ports for outgoing traffic. Each item in this list is
combined using a logical OR. If this field is empty or missing, this rule
matches all ports (traffic not restricted by port). If this field is
present and contains at least one item, then this rule allows traffic only
if the traffic matches at least one port in the list.
NetworkPolicyPort describes a port to allow traffic on
- endPort (integer) If set, indicates that the range of ports from port to endPort, inclusive,
should be allowed by the policy. This field cannot be defined if the port
field is not defined or if the port field is defined as a named (string)
port. The endPort must be equal or greater than port. This feature is in
Beta state and is enabled by default. It can be disabled using the Feature
Gate "NetworkPolicyEndPort".
- port (string) The port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names
and numbers. If present, only traffic on the specified protocol AND port
will be matched.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- protocol (string) The protocol (TCP, UDP, or SCTP) which traffic must match. If not
specified, this field defaults to TCP.
-
-
to ([]Object) List of destinations for outgoing traffic of pods selected for this rule.
Items in this list are combined using a logical OR operation. If this field
is empty or missing, this rule matches all destinations (traffic not
restricted by destination). If this field is present and contains at least
one item, this rule allows traffic only if the traffic matches at least one
item in the to list.
NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain
combinations of fields are allowed
-
ipBlock (Object) IPBlock defines policy on a particular IPBlock. If this field is set then
neither of the other fields can be.
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64")
that is allowed to the pods matched by a NetworkPolicySpec's podSelector.
The except entry describes CIDRs that should not be included within this
rule.
- cidr (string) CIDR is a string representing the IP Block Valid examples are
"192.168.1.1/24" or "2001:db9::/64"
- except ([]string) Except is a slice of CIDRs that should not be included within an IP Block
Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will
be rejected if they are outside the CIDR range
-
-
namespaceSelector (Object) Selects Namespaces using cluster-scoped labels. This field follows standard
label selector semantics; if present but empty, it selects all namespaces.
If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
the Pods matching PodSelector in the Namespaces selected by
NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected
by NamespaceSelector.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
podSelector (Object) This is a label selector which selects Pods. This field follows standard
label selector semantics; if present but empty, it selects all pods.
If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole
selects the Pods matching PodSelector in the Namespaces selected by
NamespaceSelector. Otherwise it selects the Pods matching PodSelector in
the policy's own Namespace.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
-
ingress ([]Object) List of ingress rules to be applied to the selected pods. Traffic is
allowed to a pod if there are no NetworkPolicies selecting the pod (and
cluster policy otherwise allows the traffic), OR if the traffic source is
the pod's local node, OR if the traffic matches at least one ingress rule
across all of the NetworkPolicy objects whose podSelector matches the pod.
If this field is empty then this NetworkPolicy does not allow any traffic
(and serves solely to ensure that the pods it selects are isolated by
default)
NetworkPolicyIngressRule describes a particular set of traffic that is
allowed to the pods matched by a NetworkPolicySpec's podSelector. The
traffic must match both ports and from.
-
from ([]Object) List of sources which should be able to access the pods selected for this
rule. Items in this list are combined using a logical OR operation. If this
field is empty or missing, this rule matches all sources (traffic not
restricted by source). If this field is present and contains at least one
item, this rule allows traffic only if the traffic matches at least one
item in the from list.
NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain
combinations of fields are allowed
-
ipBlock (Object) IPBlock defines policy on a particular IPBlock. If this field is set then
neither of the other fields can be.
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64")
that is allowed to the pods matched by a NetworkPolicySpec's podSelector.
The except entry describes CIDRs that should not be included within this
rule.
- cidr (string) CIDR is a string representing the IP Block Valid examples are
"192.168.1.1/24" or "2001:db9::/64"
- except ([]string) Except is a slice of CIDRs that should not be included within an IP Block
Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will
be rejected if they are outside the CIDR range
-
-
namespaceSelector (Object) Selects Namespaces using cluster-scoped labels. This field follows standard
label selector semantics; if present but empty, it selects all namespaces.
If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
the Pods matching PodSelector in the Namespaces selected by
NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected
by NamespaceSelector.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
podSelector (Object) This is a label selector which selects Pods. This field follows standard
label selector semantics; if present but empty, it selects all pods.
If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole
selects the Pods matching PodSelector in the Namespaces selected by
NamespaceSelector. Otherwise it selects the Pods matching PodSelector in
the policy's own Namespace.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
ports ([]Object) List of ports which should be made accessible on the pods selected for this
rule. Each item in this list is combined using a logical OR. If this field
is empty or missing, this rule matches all ports (traffic not restricted by
port). If this field is present and contains at least one item, then this
rule allows traffic only if the traffic matches at least one port in the
list.
NetworkPolicyPort describes a port to allow traffic on
- endPort (integer) If set, indicates that the range of ports from port to endPort, inclusive,
should be allowed by the policy. This field cannot be defined if the port
field is not defined or if the port field is defined as a named (string)
port. The endPort must be equal or greater than port. This feature is in
Beta state and is enabled by default. It can be disabled using the Feature
Gate "NetworkPolicyEndPort".
- port (string) The port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names
and numbers. If present, only traffic on the specified protocol AND port
will be matched.
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- protocol (string) The protocol (TCP, UDP, or SCTP) which traffic must match. If not
specified, this field defaults to TCP.
-
-
-
podSelector (Object) Selects the pods to which this NetworkPolicy object applies. The array of
ingress rules is applied to any pods selected by this field. Multiple
network policies can select the same set of pods. In this case, the ingress
rules for each are combined additively. This field is NOT optional and
follows standard label selector semantics. An empty podSelector matches all
pods in this namespace.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- policyTypes ([]string) List of rule types that the NetworkPolicy relates to. Valid options are
["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not
specified, it will default based on the existence of Ingress or Egress
rules; policies that contain an Egress section are assumed to affect
Egress, and all policies (whether or not they contain an Ingress section)
are assumed to affect Ingress. If you want to write an egress-only policy,
you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want
to write a policy that specifies that no egress is allowed, you must
specify a policyTypes value that include "Egress" (since such a policy
would not include an Egress section and would otherwise default to just [
"Ingress" ]). This field is beta-level in 1.8
-
-
-
Ingress Ingress is a collection of rules that allow inbound connections to reach
the endpoints defined by a backend. An Ingress can be configured to give
services externally-reachable urls, load balance traffic, terminate SSL,
offer name based virtual hosting etc.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec is the desired state of the Ingress. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
IngressSpec describes the Ingress the user wishes to exist.
-
defaultBackend (Object) DefaultBackend is the backend that should handle requests that don't match
any rule. If Rules are not specified, DefaultBackend must be specified. If
DefaultBackend is not set, the handling of requests that do not match any
of the rules will be up to the Ingress controller.
IngressBackend describes all endpoints for a given service and port.
-
resource (Object) Resource is an ObjectRef to another Kubernetes resource in the namespace of
the Ingress object. If resource is specified, a service.Name and
service.Port must not be specified. This is a mutually exclusive setting
with "Service".
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
service (Object) Service references a Service as a Backend. This is a mutually exclusive
setting with "Resource".
IngressServiceBackend references a Kubernetes Service as a Backend.
- name (string) Name is the referenced service. The service must exist in the same
namespace as the Ingress object.
-
port (Object) Port of the referenced service. A port name or port number is required for
a IngressServiceBackend.
ServiceBackendPort is the service port being referenced.
- name (string) Name is the name of the port on the Service. This is a mutually exclusive
setting with "Number".
- number (integer) Number is the numerical port number (e.g. 80) on the Service. This is a
mutually exclusive setting with "Name".
-
-
-
- ingressClassName (string) IngressClassName is the name of the IngressClass cluster resource. The
associated IngressClass defines which controller will implement the
resource. This replaces the deprecated `kubernetes.io/ingress.class`
annotation. For backwards compatibility, when that annotation is set, it
must be given precedence over this field. The controller may emit a warning
if the field and annotation have different values. Implementations of this
API should ignore Ingresses without a class specified. An IngressClass
resource may be marked as default, which can be used to set a default value
for this field. For more information, refer to the IngressClass
documentation.
-
rules ([]Object) A list of host rules used to configure the Ingress. If unspecified, or no
rule matches, all traffic is sent to the default backend.
IngressRule represents the rules mapping the paths under a specified host
to the related backend services. Incoming requests are first evaluated for
a host match, then routed to the backend associated with the matching
IngressRuleValue.
- host (string) Host is the fully qualified domain name of a network host, as defined by
RFC 3986. Note the following deviations from the "host" part of the URI as
defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue
can only apply to the IP in the Spec of the parent Ingress.
2. The `:` delimiter is not respected because ports are not allowed.
Currently the port of an Ingress is implicitly :80 for http and :443 for
https. Both these may change in the future. Incoming requests are matched
against the host before the IngressRuleValue. If the host is unspecified,
the Ingress routes all traffic based on the specified IngressRuleValue.
Host can be "precise" which is a domain name without the terminating dot of
a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard
character '*' must appear by itself as the first DNS label and matches only
a single label. You cannot have a wildcard label by itself (e.g. Host ==
"*"). Requests will be matched against the Host field in the following way:
1. If Host is precise, the request matches this rule if the http host
header is equal to Host. 2. If Host is a wildcard, then the request matches
this rule if the http host header is to equal to the suffix (removing the
first label) of the wildcard rule.
-
http (Object)
HTTPIngressRuleValue is a list of http selectors pointing to backends. In
the example: http://(host)/(path)?(searchpart) -) backend where where parts
of the url correspond to RFC 3986, this resource will be used to match
against everything after the last '/' and before the first '?' or '#'.
-
paths ([]Object) A collection of paths that map requests to backends.
HTTPIngressPath associates a path with a backend. Incoming urls matching
the path are forwarded to the backend.
-
backend (Object) Backend defines the referenced service endpoint to which the traffic will
be forwarded to.
IngressBackend describes all endpoints for a given service and port.
-
resource (Object) Resource is an ObjectRef to another Kubernetes resource in the namespace of
the Ingress object. If resource is specified, a service.Name and
service.Port must not be specified. This is a mutually exclusive setting
with "Service".
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
service (Object) Service references a Service as a Backend. This is a mutually exclusive
setting with "Resource".
IngressServiceBackend references a Kubernetes Service as a Backend.
- name (string) Name is the referenced service. The service must exist in the same
namespace as the Ingress object.
-
port (Object) Port of the referenced service. A port name or port number is required for
a IngressServiceBackend.
ServiceBackendPort is the service port being referenced.
- name (string) Name is the name of the port on the Service. This is a mutually exclusive
setting with "Number".
- number (integer) Number is the numerical port number (e.g. 80) on the Service. This is a
mutually exclusive setting with "Name".
-
-
-
- path (string) Path is matched against the path of an incoming request. Currently it can
contain characters disallowed from the conventional "path" part of a URL as
defined by RFC 3986. Paths must begin with a '/' and must be present when
using PathType with value "Exact" or "Prefix".
- pathType (string) PathType determines the interpretation of the Path matching. PathType can
be one of the following values: * Exact: Matches the URL path exactly. *
Prefix: Matches based on a URL path prefix split by '/'. Matching is done
on a path element by element basis. A path element refers is the list of
labels in the path split by the '/' separator. A request is a match for
path p if every p is an element-wise prefix of p of the request path. Note
that if the last element of the path is a substring of the last element in
request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but
does not match /foo/barbaz).
* ImplementationSpecific: Interpretation of the Path matching is up to the
IngressClass. Implementations can treat this as a separate PathType or
treat it identically to Prefix or Exact path types. Implementations are
required to support all path types.
-
-
-
-
tls ([]Object) TLS configuration. Currently the Ingress only supports a single TLS port,
443. If multiple members of this list specify different hosts, they will be
multiplexed on the same port according to the hostname specified through
the SNI TLS extension, if the ingress controller fulfilling the ingress
supports SNI.
IngressTLS describes the transport layer security associated with an
Ingress.
- hosts ([]string) Hosts are a list of hosts included in the TLS certificate. The values in
this list must match the name/s used in the tlsSecret. Defaults to the
wildcard host setting for the loadbalancer controller fulfilling this
Ingress, if left unspecified.
- secretName (string) SecretName is the name of the secret used to terminate TLS traffic on port
443. Field is left optional to allow TLS routing based on SNI hostname
alone. If the SNI host in a listener conflicts with the "Host" header field
used by an IngressRule, the SNI host is used for termination and value of
the Host header is used for routing.
-
-
-
status (Object) Status is the current state of the Ingress. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
IngressStatus describe the current state of the Ingress.
-
loadBalancer (Object) LoadBalancer contains the current status of the load-balancer.
LoadBalancerStatus represents the status of a load-balancer.
-
ingress ([]Object) Ingress is a list containing ingress points for the load-balancer. Traffic
intended for the service should be sent to these ingress points.
LoadBalancerIngress represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
- hostname (string) Hostname is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)
- ip (string) IP is set for load-balancer ingress points that are IP based (typically GCE
or OpenStack load-balancers)
-
ports ([]Object) Ports is a list of records of service ports If used, every port defined in
the service should have an entry in it
- error (string) Error is to record the problem with the service port The format of the
error shall comply with the following rules: - built-in error values shall
be specified in this file and those shall use CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- port (integer) Port is the port number of the service port of which status is recorded
here
- protocol (string) Protocol is the protocol of the service port of which status is recorded
here The supported values are: "TCP", "UDP", "SCTP"
-
-
-
-
-
-
IngressClass IngressClass represents the class of the Ingress, referenced by the Ingress
Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
used to indicate that an IngressClass should be considered default. When a
single IngressClass resource has this annotation set to true, new Ingress
resources without a class specified will be assigned this default class.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec is the desired state of the IngressClass. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
IngressClassSpec provides information about the class of an Ingress.
- controller (string) Controller refers to the name of the controller that should handle this
class. This allows for different "flavors" that are controlled by the same
controller. For example, you may have different Parameters for the same
implementing controller. This should be specified as a domain-prefixed path
no more than 250 characters in length, e.g. "acme.io/ingress-controller".
This field is immutable.
-
parameters (Object) Parameters is a link to a custom resource containing additional
configuration for the controller. This is optional if the controller does
not require extra parameters.
IngressClassParametersReference identifies an API object. This can be used
to specify a cluster or namespace-scoped resource.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced.
- name (string) Name is the name of resource being referenced.
- namespace (string) Namespace is the namespace of the resource being referenced. This field is
required when scope is set to "Namespace" and must be unset when scope is
set to "Cluster".
- scope (string) Scope represents if this refers to a cluster or namespace scoped resource.
This may be set to "Cluster" (default) or "Namespace".
-
-
-
Limits
-
LimitRange LimitRange sets resource usage limits for each kind of resource in a
Namespace.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the limits enforced. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
LimitRangeSpec defines a min/max usage limit for resources that match on
kind.
-
limits ([]Object) Limits is the list of LimitRangeItem objects that are enforced.
LimitRangeItem defines a min/max usage limit for any resource that matches
on kind.
- default (map[string]string) Default resource requirement limit value by resource name if resource limit
is omitted.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- defaultRequest (map[string]string) DefaultRequest is the default resource requirement request value by
resource name if resource request is omitted.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- max (map[string]string) Max usage constraints on this kind by resource name.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- maxLimitRequestRatio (map[string]string) MaxLimitRequestRatio if specified, the named resource must have a request
and limit that are both non-zero where limit divided by request is less
than or equal to the enumerated value; this represents the max burst for
the named resource.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- min (map[string]string) Min usage constraints on this kind by resource name.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- type (string) Type of resource that this limit applies to.
-
-
-
-
ResourceQuota ResourceQuota sets aggregate quota restrictions enforced per namespace
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the desired quota.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
- hard (map[string]string) hard is the set of desired hard limits for each named resource. More info:
https://kubernetes.io/docs/concepts/policy/resource-quotas/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
scopeSelector (Object) scopeSelector is also a collection of filters like scopes that must match
each object tracked by a quota but expressed using ScopeSelectorOperator in
combination with possible values. For a resource to match, both scopes AND
scopeSelector (if specified in spec), must be matched.
A scope selector represents the AND of the selectors represented by the
scoped-resource selector requirements.
-
matchExpressions ([]Object) A list of scope selector requirements by scope of the resources.
A scoped-resource selector requirement is a selector that contains values,
a scope name, and an operator that relates the scope name and values.
- operator (string) Represents a scope's relationship to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist.
- scopeName (string) The name of the scope that the selector applies to.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic merge patch.
-
-
- scopes ([]string) A collection of filters that must match each object tracked by a quota. If
not specified, the quota matches all objects.
-
-
status (Object) Status defines the actual enforced quota and its current usage.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ResourceQuotaStatus defines the enforced hard limits and observed use.
- hard (map[string]string) Hard is the set of enforced hard limits for each named resource. More info:
https://kubernetes.io/docs/concepts/policy/resource-quotas/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- used (map[string]string) Used is the current observed total usage of the resource in the namespace.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
Security
-
RoleBinding RoleBinding references a role, but does not contain it. It can reference a
Role in the same namespace or a ClusterRole in the global namespace. It
adds who information via Subjects and namespace information by which
namespace it exists in. RoleBindings in a given namespace only have effect
in that namespace.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
roleRef (Object) RoleRef can reference a Role in the current namespace or a ClusterRole in
the global namespace. If the RoleRef cannot be resolved, the Authorizer
must return an error.
RoleRef contains information that points to the role being used
- apiGroup (string) APIGroup is the group for the resource being referenced
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
subjects ([]Object) Subjects holds references to the objects the role applies to.
Subject contains a reference to the object or user identities a role
binding applies to. This can either hold a direct API object reference, or
a value for non-objects such as user and group names.
- apiGroup (string) APIGroup holds the API group of the referenced subject. Defaults to "" for
ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User
and Group subjects.
- kind (string) Kind of object being referenced. Values defined by this API group are
"User", "Group", and "ServiceAccount". If the Authorizer does not
recognized the kind value, the Authorizer should report an error.
- name (string) Name of the object being referenced.
- namespace (string) Namespace of the referenced object. If the object kind is non-namespace,
such as "User" or "Group", and this value is not empty the Authorizer
should report an error.
-
-
-
Role Role is a namespaced, logical grouping of PolicyRules that can be
referenced as a unit by a RoleBinding.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
rules ([]Object) Rules holds all the PolicyRules for this Role
PolicyRule holds information that describes a policy rule, but does not
contain information about who the rule applies to or which namespace the
rule applies to.
- apiGroups ([]string) APIGroups is the name of the APIGroup that contains the resources. If
multiple API groups are specified, any action requested against one of the
enumerated resources in any API group will be allowed.
- nonResourceURLs ([]string) NonResourceURLs is a set of partial urls that a user should have access to.
*s are allowed, but only as the full, final step in the path Since
non-resource URLs are not namespaced, this field is only applicable for
ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply
to API resources (such as "pods" or "secrets") or non-resource URL paths
(such as "/api"), but not both.
- resourceNames ([]string) ResourceNames is an optional white list of names that the rule applies to.
An empty set means that everything is allowed.
- resources ([]string) Resources is a list of resources this rule applies to. '*' represents all
resources.
- verbs ([]string) Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in
this rule. '*' represents all verbs.
-
-
-
ClusterRoleBinding ClusterRoleBinding references a ClusterRole, but not contain it. It can
reference a ClusterRole in the global namespace, and adds who information
via Subject.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
roleRef (Object) RoleRef can only reference a ClusterRole in the global namespace. If the
RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef contains information that points to the role being used
- apiGroup (string) APIGroup is the group for the resource being referenced
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
subjects ([]Object) Subjects holds references to the objects the role applies to.
Subject contains a reference to the object or user identities a role
binding applies to. This can either hold a direct API object reference, or
a value for non-objects such as user and group names.
- apiGroup (string) APIGroup holds the API group of the referenced subject. Defaults to "" for
ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User
and Group subjects.
- kind (string) Kind of object being referenced. Values defined by this API group are
"User", "Group", and "ServiceAccount". If the Authorizer does not
recognized the kind value, the Authorizer should report an error.
- name (string) Name of the object being referenced.
- namespace (string) Namespace of the referenced object. If the object kind is non-namespace,
such as "User" or "Group", and this value is not empty the Authorizer
should report an error.
-
-
-
ClusterRole ClusterRole is a cluster level, logical grouping of PolicyRules that can be
referenced as a unit by a RoleBinding or ClusterRoleBinding.
-
aggregationRule (Object) AggregationRule is an optional field that describes how to build the Rules
for this ClusterRole. If AggregationRule is set, then the Rules are
controller managed and direct changes to Rules will be stomped by the
controller.
AggregationRule describes how to locate ClusterRoles to aggregate into the
ClusterRole
-
clusterRoleSelectors ([]Object) ClusterRoleSelectors holds a list of selectors which will be used to find
ClusterRoles and create the rules. If any of the selectors match, then the
ClusterRole's permissions will be added
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
rules ([]Object) Rules holds all the PolicyRules for this ClusterRole
PolicyRule holds information that describes a policy rule, but does not
contain information about who the rule applies to or which namespace the
rule applies to.
- apiGroups ([]string) APIGroups is the name of the APIGroup that contains the resources. If
multiple API groups are specified, any action requested against one of the
enumerated resources in any API group will be allowed.
- nonResourceURLs ([]string) NonResourceURLs is a set of partial urls that a user should have access to.
*s are allowed, but only as the full, final step in the path Since
non-resource URLs are not namespaced, this field is only applicable for
ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply
to API resources (such as "pods" or "secrets") or non-resource URL paths
(such as "/api"), but not both.
- resourceNames ([]string) ResourceNames is an optional white list of names that the rule applies to.
An empty set means that everything is allowed.
- resources ([]string) Resources is a list of resources this rule applies to. '*' represents all
resources.
- verbs ([]string) Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in
this rule. '*' represents all verbs.
-
-
-
TokenReview TokenReview attempts to authenticate a token to a known user. Note:
TokenReview requests may be cached by the webhook token authenticator
plugin in the kube-apiserver.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec holds information about the request being evaluated
TokenReviewSpec is a description of the token authentication request.
- audiences ([]string) Audiences is a list of the identifiers that the resource server presented
with the token identifies as. Audience-aware token authenticators will
verify that the token was intended for at least one of the audiences in
this list. If no audiences are provided, the audience will default to the
audience of the Kubernetes apiserver.
- token (string) Token is the opaque bearer token.
-
-
status (Object) Status is filled in by the server and indicates whether the request can be
authenticated.
TokenReviewStatus is the result of the token authentication request.
- audiences ([]string) Audiences are audience identifiers chosen by the authenticator that are
compatible with both the TokenReview and token. An identifier is any
identifier in the intersection of the TokenReviewSpec audiences and the
token's audiences. A client of the TokenReview API that sets the
spec.audiences field should validate that a compatible audience identifier
is returned in the status.audiences field to ensure that the TokenReview
server is audience aware. If a TokenReview returns an empty status.audience
field where status.authenticated is "true", the token is valid against the
audience of the Kubernetes API server.
- authenticated (boolean) Authenticated indicates that the token was associated with a known user.
- error (string) Error indicates that the token couldn't be checked
-
user (Object) User is the UserInfo associated with the provided token.
UserInfo holds the information about the user needed to implement the
user.Info interface.
- extra (map[string][]string) Any additional information provided by the authenticator.
- groups ([]string) The names of groups this user is a part of.
- uid (string) A unique value that identifies this user across time. If this user is
deleted and another user by the same name is added, they will have
different UIDs.
- username (string) The name that uniquely identifies this user among all active users.
-
-
-
-
LocalSubjectAccessReview LocalSubjectAccessReview checks whether or not a user or group can perform
an action in a given namespace. Having a namespace scoped resource makes it
much easier to grant namespace scoped policy that includes permissions
checking.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard list metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec holds information about the request being evaluated. spec.namespace
must be equal to the namespace you made the request against. If empty, it
is defaulted.
SubjectAccessReviewSpec is a description of the access request. Exactly one
of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes
must be set
- extra (map[string][]string) Extra corresponds to the user.Info.GetExtra() method from the
authenticator. Since that is input to the authorizer it needs a reflection
here.
- groups ([]string) Groups is the groups you're testing for.
-
nonResourceAttributes (Object) NonResourceAttributes describes information for a non-resource access
request
NonResourceAttributes includes the authorization attributes available for
non-resource requests to the Authorizer interface
- path (string) Path is the URL path of the request
- verb (string) Verb is the standard HTTP verb
-
-
resourceAttributes (Object) ResourceAuthorizationAttributes describes information for a resource access
request
ResourceAttributes includes the authorization attributes available for
resource requests to the Authorizer interface
- group (string) Group is the API Group of the Resource. "*" means all.
- name (string) Name is the name of the resource being requested for a "get" or deleted for
a "delete". "" (empty) means all.
- namespace (string) Namespace is the namespace of the action being requested. Currently, there
is no distinction between no namespace and all namespaces "" (empty) is
defaulted for LocalSubjectAccessReviews "" (empty) is empty for
cluster-scoped resources "" (empty) means "all" for namespace scoped
resources from a SubjectAccessReview or SelfSubjectAccessReview
- resource (string) Resource is one of the existing resource types. "*" means all.
- subresource (string) Subresource is one of the existing resource types. "" means none.
- verb (string) Verb is a kubernetes resource API verb, like: get, list, watch, create,
update, delete, proxy. "*" means all.
- version (string) Version is the API Version of the Resource. "*" means all.
-
- uid (string) UID information about the requesting user.
- user (string) User is the user you're testing for. If you specify "User" but not
"Groups", then is it interpreted as "What if User were not a member of any
groups
-
-
status (Object) Status is filled in by the server and indicates whether the request is
allowed or not
SubjectAccessReviewStatus
- allowed (boolean) Allowed is required. True if the action would be allowed, false otherwise.
- denied (boolean) Denied is optional. True if the action would be denied, otherwise false. If
both allowed is false and denied is false, then the authorizer has no
opinion on whether to authorize the action. Denied may not be true if
Allowed is true.
- evaluationError (string) EvaluationError is an indication that some error occurred during the
authorization check. It is entirely possible to get an error and be able to
continue determine authorization status in spite of it. For instance, RBAC
can be missing a role, but enough roles are still present and bound to
reason about the request.
- reason (string) Reason is optional. It indicates why a request was allowed or denied.
-
-
-
SelfSubjectAccessReview SelfSubjectAccessReview checks whether or the current user can perform an
action. Not filling in a spec.namespace means "in all namespaces". Self is
a special case, because users should always be able to check whether they
can perform an action
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard list metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec holds information about the request being evaluated. user and groups
must be empty
SelfSubjectAccessReviewSpec is a description of the access request. Exactly
one of ResourceAuthorizationAttributes and
NonResourceAuthorizationAttributes must be set
-
nonResourceAttributes (Object) NonResourceAttributes describes information for a non-resource access
request
NonResourceAttributes includes the authorization attributes available for
non-resource requests to the Authorizer interface
- path (string) Path is the URL path of the request
- verb (string) Verb is the standard HTTP verb
-
-
resourceAttributes (Object) ResourceAuthorizationAttributes describes information for a resource access
request
ResourceAttributes includes the authorization attributes available for
resource requests to the Authorizer interface
- group (string) Group is the API Group of the Resource. "*" means all.
- name (string) Name is the name of the resource being requested for a "get" or deleted for
a "delete". "" (empty) means all.
- namespace (string) Namespace is the namespace of the action being requested. Currently, there
is no distinction between no namespace and all namespaces "" (empty) is
defaulted for LocalSubjectAccessReviews "" (empty) is empty for
cluster-scoped resources "" (empty) means "all" for namespace scoped
resources from a SubjectAccessReview or SelfSubjectAccessReview
- resource (string) Resource is one of the existing resource types. "*" means all.
- subresource (string) Subresource is one of the existing resource types. "" means none.
- verb (string) Verb is a kubernetes resource API verb, like: get, list, watch, create,
update, delete, proxy. "*" means all.
- version (string) Version is the API Version of the Resource. "*" means all.
-
-
-
status (Object) Status is filled in by the server and indicates whether the request is
allowed or not
SubjectAccessReviewStatus
- allowed (boolean) Allowed is required. True if the action would be allowed, false otherwise.
- denied (boolean) Denied is optional. True if the action would be denied, otherwise false. If
both allowed is false and denied is false, then the authorizer has no
opinion on whether to authorize the action. Denied may not be true if
Allowed is true.
- evaluationError (string) EvaluationError is an indication that some error occurred during the
authorization check. It is entirely possible to get an error and be able to
continue determine authorization status in spite of it. For instance, RBAC
can be missing a role, but enough roles are still present and bound to
reason about the request.
- reason (string) Reason is optional. It indicates why a request was allowed or denied.
-
-
-
SelfSubjectRulesReview SelfSubjectRulesReview enumerates the set of actions the current user can
perform within a namespace. The returned list of actions may be incomplete
depending on the server's authorization mode, and any errors experienced
during the evaluation. SelfSubjectRulesReview should be used by UIs to
show/hide actions, or to quickly let an end user reason about their
permissions. It should NOT Be used by external systems to drive
authorization decisions as this raises confused deputy, cache
lifetime/revocation, and correctness concerns. SubjectAccessReview, and
LocalAccessReview are the correct way to defer authorization decisions to
the API server.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard list metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec holds information about the request being evaluated.
SelfSubjectRulesReviewSpec defines the specification for
SelfSubjectRulesReview.
- namespace (string) Namespace to evaluate rules for. Required.
-
-
status (Object) Status is filled in by the server and indicates the set of actions a user
can perform.
SubjectRulesReviewStatus contains the result of a rules check. This check
can be incomplete depending on the set of authorizers the server is
configured with and any errors experienced during evaluation. Because
authorization rules are additive, if a rule appears in a list it's safe to
assume the subject has that permission, even if that list is incomplete.
- evaluationError (string) EvaluationError can appear in combination with Rules. It indicates an error
occurred during rule evaluation, such as an authorizer that doesn't support
rule evaluation, and that ResourceRules and/or NonResourceRules may be
incomplete.
- incomplete (boolean) Incomplete is true when the rules returned by this call are incomplete.
This is most commonly encountered when an authorizer, such as an external
authorizer, doesn't support rules evaluation.
-
nonResourceRules ([]Object) NonResourceRules is the list of actions the subject is allowed to perform
on non-resources. The list ordering isn't significant, may contain
duplicates, and possibly be incomplete.
NonResourceRule holds information that describes a rule for the
non-resource
- nonResourceURLs ([]string) NonResourceURLs is a set of partial urls that a user should have access to.
*s are allowed, but only as the full, final step in the path. "*" means
all.
- verbs ([]string) Verb is a list of kubernetes non-resource API verbs, like: get, post, put,
delete, patch, head, options. "*" means all.
-
-
resourceRules ([]Object) ResourceRules is the list of actions the subject is allowed to perform on
resources. The list ordering isn't significant, may contain duplicates, and
possibly be incomplete.
ResourceRule is the list of actions the subject is allowed to perform on
resources. The list ordering isn't significant, may contain duplicates, and
possibly be incomplete.
- apiGroups ([]string) APIGroups is the name of the APIGroup that contains the resources. If
multiple API groups are specified, any action requested against one of the
enumerated resources in any API group will be allowed. "*" means all.
- resourceNames ([]string) ResourceNames is an optional white list of names that the rule applies to.
An empty set means that everything is allowed. "*" means all.
- resources ([]string) Resources is a list of resources this rule applies to. "*" means all in the
specified apiGroups. "*/foo" represents the subresource 'foo' for all
resources in the specified apiGroups.
- verbs ([]string) Verb is a list of kubernetes resource API verbs, like: get, list, watch,
create, update, delete, proxy. "*" means all.
-
-
-
-
SubjectAccessReview SubjectAccessReview checks whether or not a user or group can perform an
action.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard list metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec holds information about the request being evaluated
SubjectAccessReviewSpec is a description of the access request. Exactly one
of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes
must be set
- extra (map[string][]string) Extra corresponds to the user.Info.GetExtra() method from the
authenticator. Since that is input to the authorizer it needs a reflection
here.
- groups ([]string) Groups is the groups you're testing for.
-
nonResourceAttributes (Object) NonResourceAttributes describes information for a non-resource access
request
NonResourceAttributes includes the authorization attributes available for
non-resource requests to the Authorizer interface
- path (string) Path is the URL path of the request
- verb (string) Verb is the standard HTTP verb
-
-
resourceAttributes (Object) ResourceAuthorizationAttributes describes information for a resource access
request
ResourceAttributes includes the authorization attributes available for
resource requests to the Authorizer interface
- group (string) Group is the API Group of the Resource. "*" means all.
- name (string) Name is the name of the resource being requested for a "get" or deleted for
a "delete". "" (empty) means all.
- namespace (string) Namespace is the namespace of the action being requested. Currently, there
is no distinction between no namespace and all namespaces "" (empty) is
defaulted for LocalSubjectAccessReviews "" (empty) is empty for
cluster-scoped resources "" (empty) means "all" for namespace scoped
resources from a SubjectAccessReview or SelfSubjectAccessReview
- resource (string) Resource is one of the existing resource types. "*" means all.
- subresource (string) Subresource is one of the existing resource types. "" means none.
- verb (string) Verb is a kubernetes resource API verb, like: get, list, watch, create,
update, delete, proxy. "*" means all.
- version (string) Version is the API Version of the Resource. "*" means all.
-
- uid (string) UID information about the requesting user.
- user (string) User is the user you're testing for. If you specify "User" but not
"Groups", then is it interpreted as "What if User were not a member of any
groups
-
-
status (Object) Status is filled in by the server and indicates whether the request is
allowed or not
SubjectAccessReviewStatus
- allowed (boolean) Allowed is required. True if the action would be allowed, false otherwise.
- denied (boolean) Denied is optional. True if the action would be denied, otherwise false. If
both allowed is false and denied is false, then the authorizer has no
opinion on whether to authorize the action. Denied may not be true if
Allowed is true.
- evaluationError (string) EvaluationError is an indication that some error occurred during the
authorization check. It is entirely possible to get an error and be able to
continue determine authorization status in spite of it. For instance, RBAC
can be missing a role, but enough roles are still present and bound to
reason about the request.
- reason (string) Reason is optional. It indicates why a request was allowed or denied.
-
-
-
CertificateSigningRequest CertificateSigningRequest objects provide a mechanism to obtain x509
certificates by submitting a certificate signing request, and having it
asynchronously approved and issued.
Kubelets use this API to obtain:
1. client certificates to authenticate to kube-apiserver (with the
"kubernetes.io/kube-apiserver-client-kubelet" signerName).
2. serving certificates for TLS endpoints kube-apiserver can connect to
securely (with the "kubernetes.io/kubelet-serving" signerName).
This API can be used to request client certificates to authenticate to
kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName),
or to obtain certificates from custom non-Kubernetes signers.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object)
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) spec contains the certificate request, and is immutable after creation.
Only the request, signerName, expirationSeconds, and usages fields can be
set on creation. Other fields are derived by Kubernetes and cannot be
modified by users.
CertificateSigningRequestSpec contains the certificate request.
- expirationSeconds (integer) expirationSeconds is the requested duration of validity of the issued
certificate. The certificate signer may issue a certificate with a
different validity duration so a client must check the delta between the
notBefore and and notAfter fields in the issued certificate to determine
the actual duration.
The v1.22+ in-tree implementations of the well-known Kubernetes signers
will honor this field as long as the requested duration is not greater than
the maximum duration they will honor per the --cluster-signing-duration CLI
flag to the Kubernetes controller manager.
Certificate signers may not honor this field for various reasons:
1. Old signer that is unaware of the field (such as the in-tree
implementations prior to v1.22)
2. Signer whose configured maximum is shorter than the requested duration
3. Signer whose configured minimum is longer than the requested duration
The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
As of v1.22, this field is beta and is controlled via the CSRDuration
feature gate.
- extra (map[string][]string) extra contains extra attributes of the user that created the
CertificateSigningRequest. Populated by the API server on creation and
immutable.
- groups ([]string) groups contains group membership of the user that created the
CertificateSigningRequest. Populated by the API server on creation and
immutable.
- request (string) request contains an x509 certificate signing request encoded in a
"CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data
is additionally base64-encoded.
- signerName (string) signerName indicates the requested signer, and is a qualified name.
List/watch requests for CertificateSigningRequests can filter on this field
using a "spec.signerName=NAME" fieldSelector.
Well-known Kubernetes signers are:
1. "kubernetes.io/kube-apiserver-client": issues client certificates that
can be used to authenticate to kube-apiserver. Requests for this signer are
never auto-approved by kube-controller-manager, can be issued by the
"csrsigning" controller in kube-controller-manager.
2. "kubernetes.io/kube-apiserver-client-kubelet": issues client
certificates that kubelets use to authenticate to kube-apiserver. Requests
for this signer can be auto-approved by the "csrapproving" controller in
kube-controller-manager, and can be issued by the "csrsigning" controller
in kube-controller-manager.
3. "kubernetes.io/kubelet-serving" issues serving certificates that
kubelets use to serve TLS endpoints, which kube-apiserver can connect to
securely. Requests for this signer are never auto-approved by
kube-controller-manager, and can be issued by the "csrsigning" controller
in kube-controller-manager.
More details are available at
https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
Custom signerNames can also be specified. The signer defines:
1. Trust distribution: how trust (CA bundles) are distributed.
2. Permitted subjects: and behavior when a disallowed subject is requested.
3. Required, permitted, or forbidden x509 extensions in the request
(including whether subjectAltNames are allowed, which types, restrictions
on allowed values) and behavior when a disallowed extension is requested.
4. Required, permitted, or forbidden key usages / extended key usages.
5. Expiration/certificate lifetime: whether it is fixed by the signer,
configurable by the admin.
6. Whether or not requests for CA certificates are allowed.
- uid (string) uid contains the uid of the user that created the
CertificateSigningRequest. Populated by the API server on creation and
immutable.
- usages ([]string) usages specifies a set of key usages requested in the issued certificate.
Requests for TLS client certificates typically request: "digital
signature", "key encipherment", "client auth".
Requests for TLS serving certificates typically request: "key
encipherment", "digital signature", "server auth".
Valid values are:
"signing", "digital signature", "content commitment", "key encipherment",
"key agreement", "data encipherment", "cert sign", "crl sign", "encipher
only", "decipher only", "any", "server auth", "client auth", "code
signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel",
"ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
sgc"
- username (string) username contains the name of the user that created the
CertificateSigningRequest. Populated by the API server on creation and
immutable.
-
-
status (Object) status contains information about whether the request is approved or
denied, and the certificate issued by the signer, or the failure condition
indicating signer failure.
CertificateSigningRequestStatus contains conditions used to indicate
approved/denied/failed status of the request, and the issued certificate.
- certificate (string) certificate is populated with an issued certificate by the signer after an
Approved condition is present. This field is set via the /status
subresource. Once populated, this field is immutable.
If the certificate signing request is denied, a condition of type "Denied"
is added and this field remains empty. If the signer cannot issue the
certificate, a condition of type "Failed" is added and this field remains
empty.
Validation requirements:
1. certificate must contain one or more PEM blocks.
2. All PEM blocks must have the "CERTIFICATE" label, contain no headers,
and the encoded data must be a BER-encoded ASN.1 Certificate structure as
described in section 4 of RFC5280.
3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks
and is unvalidated, to allow for explanatory text as described in section
5.2 of RFC7468.
If more than one PEM block is present, and the definition of the requested
spec.signerName does not indicate otherwise, the first block is the issued
certificate, and subsequent blocks should be treated as intermediate
certificates and presented in TLS handshakes.
The certificate is encoded in PEM format.
When serialized as JSON or YAML, the data is additionally base64-encoded,
so it consists of:
base64(
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
)
-
conditions ([]Object) conditions applied to the request. Known conditions are "Approved",
"Denied", and "Failed".
CertificateSigningRequestCondition describes a condition of a
CertificateSigningRequest object
- lastTransitionTime (string) lastTransitionTime is the time the condition last transitioned from one
status to another. If unset, when a new condition type is added or an
existing condition's status is changed, the server defaults this to the
current time.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastUpdateTime (string) lastUpdateTime is the time of the last update to this condition
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) message contains a human readable message with details about the request
state
- reason (string) reason indicates a brief reason for the request state
- status (string) status of the condition, one of True, False, Unknown. Approved, Denied, and
Failed conditions may not be "False" or "Unknown".
- type (string) type of the condition. Known conditions are "Approved", "Denied", and
"Failed".
An "Approved" condition is added via the /approval subresource, indicating
the request was approved and should be issued by the signer.
A "Denied" condition is added via the /approval subresource, indicating the
request was denied and should not be issued by the signer.
A "Failed" condition is added via the /status subresource, indicating the
signer failed to issue the certificate.
Approved and Denied conditions are mutually exclusive. Approved, Denied,
and Failed conditions cannot be removed once added.
Only one condition of a given type is allowed.
-
-
-
Storage
-
PersistentVolumeClaim PersistentVolumeClaim is a user's request for and claim to a persistent
volume
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines the desired characteristics of a volume requested by a pod
author. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimSpec describes the common attributes of storage
devices and allows a Source for provider-specific attributes
- accessModes ([]string) AccessModes contains the desired access modes the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
dataSource (Object) This field can be used to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC
(PersistentVolumeClaim) If the provisioner or an external controller can
support the specified data source, it will create a new volume based on the
contents of the specified data source. If the AnyVolumeDataSource feature
gate is enabled, this field will always have the same contents as the
DataSourceRef field.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
dataSourceRef (Object) Specifies the object from which to populate the volume with data, if a
non-empty volume is desired. This may be any local object from a non-empty
API group (non core object) or a PersistentVolumeClaim object. When this
field is specified, volume binding will only succeed if the type of the
specified object matches some installed volume populator or dynamic
provisioner. This field will replace the functionality of the DataSource
field and as such if both fields are non-empty, they must have the same
value. For backwards compatibility, both fields (DataSource and
DataSourceRef) will be set to the same value automatically if one of them
is empty and the other is non-empty. There are two important differences
between DataSource and DataSourceRef: * While DataSource only allows two
specific types of objects, DataSourceRef allows any non-core object, as
well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified. (Alpha) Using this field requires the AnyVolumeDataSource
feature gate to be enabled.
TypedLocalObjectReference contains enough information to let you locate the
typed referenced object inside the same namespace.
- apiGroup (string) APIGroup is the group for the resource being referenced. If APIGroup is not
specified, the specified Kind must be in the core API group. For any other
third-party types, APIGroup is required.
- kind (string) Kind is the type of resource being referenced
- name (string) Name is the name of resource being referenced
-
-
resources (Object) Resources represents the minimum resources the volume should have. If
RecoverVolumeExpansionFailure feature is enabled users are allowed to
specify resource requirements that are lower than previous value but must
still be higher than capacity recorded in the status field of the claim.
More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
ResourceRequirements describes the compute resource requirements.
- limits (map[string]string) Limits describes the maximum amount of compute resources allowed. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- requests (map[string]string) Requests describes the minimum amount of compute resources required. If
Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value. More
info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
selector (Object) A label query over volumes to consider for binding.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) Name of the StorageClass required by the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- volumeMode (string) volumeMode defines what type of volume is required by the claim. Value of
Filesystem is implied when not included in claim spec.
- volumeName (string) VolumeName is the binding reference to the PersistentVolume backing this
claim.
-
-
status (Object) Status represents the current information/status of a persistent volume
claim. Read-only. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimStatus is the current status of a persistent volume
claim.
- accessModes ([]string) AccessModes contains the actual access modes the volume backing the PVC
has. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- allocatedResources (map[string]string) The storage resource within AllocatedResources tracks the capacity
allocated to a PVC. It may be larger than the actual capacity when a volume
expansion operation is requested. For storage quota, the larger value from
allocatedResources and PVC.spec.resources is used. If allocatedResources is
not set, PVC.spec.resources alone is used for quota calculation. If a
volume expansion capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress and if the actual
volume capacity is equal or lower than the requested capacity. This is an
alpha field and requires enabling RecoverVolumeExpansionFailure feature.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- capacity (map[string]string) Represents the actual resources of the underlying volume.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
conditions ([]Object) Current Condition of persistent volume claim. If underlying persistent
volume is being resized then the Condition will be set to 'ResizeStarted'.
PersistentVolumeClaimCondition contails details about state of pvc
- lastProbeTime (string) Last time we probed the condition.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human-readable message indicating details about last transition.
- reason (string) Unique, this should be a short, machine understandable string that gives
the reason for condition's last transition. If it reports "ResizeStarted"
that means the underlying persistent volume is being resized.
- status (string) (empty)
- type (string)
-
- phase (string) Phase represents the current phase of PersistentVolumeClaim.
- resizeStatus (string) ResizeStatus stores status of resize operation. ResizeStatus is not set by
default but when expansion is complete resizeStatus is set to empty string
by resize controller or kubelet. This is an alpha field and requires
enabling RecoverVolumeExpansionFailure feature.
-
-
-
PersistentVolume PersistentVolume (PV) is a storage resource provisioned by an
administrator. It is analogous to a node. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec defines a specification of a persistent volume owned by the cluster.
Provisioned by an administrator. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
PersistentVolumeSpec is the specification of a persistent volume.
- accessModes ([]string) AccessModes contains all ways the volume can be mounted. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- secretNamespace (string) the namespace of the secret that contains Azure Storage Account Name and
Key default is the same as the Pod
- shareName (string) Share Name
-
- capacity (map[string]string) A description of the persistent volume's resources and capacity. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
claimRef (Object) ClaimRef is part of a bi-directional binding between PersistentVolume and
PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName
is the authoritative bind between PV and PVC. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
csi (Object) CSI represents storage that is handled by an external CSI driver (Beta
feature).
Represents storage that is managed by an external CSI volume driver (Beta
feature)
-
controllerExpandSecretRef (Object) ControllerExpandSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
ControllerExpandVolume call. This is an alpha field and requires enabling
ExpandCSIVolumes feature gate. This field is optional, and may be empty if
no secret is required. If the secret object contains more than one secret,
all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
controllerPublishSecretRef (Object) ControllerPublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
ControllerPublishVolume and ControllerUnpublishVolume calls. This field is
optional, and may be empty if no secret is required. If the secret object
contains more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- driver (string) Driver is the name of the driver to use for this volume. Required.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs".
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
nodeStageSecretRef (Object) NodeStageSecretRef is a reference to the secret object containing sensitive
information to pass to the CSI driver to complete the CSI NodeStageVolume
and NodeStageVolume and NodeUnstageVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- readOnly (boolean) Optional: The value to pass to ControllerPublishVolumeRequest. Defaults to
false (read/write).
- volumeAttributes (map[string]string) Attributes of the volume to publish.
- volumeHandle (string) VolumeHandle is the unique volume name returned by the CSI volume
plugin’s CreateVolume to refer to the volume on all subsequent calls.
Required.
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexPersistentVolumeSource represents a generic persistent volume resource
that is provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine
and exposed to the pod for its usage. This depends on the Flocker control
service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. Provisioned by an
admin. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
glusterfs (Object) Glusterfs represents a Glusterfs volume that is attached to a host and
exposed to the pod. Provisioned by an admin. More info:
https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpointsNamespace (string) EndpointsNamespace is the namespace that contains Glusterfs endpoint. If
this field is empty, the EndpointNamespace defaults to the same namespace
as the bound PVC. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a directory on the host. Provisioned by a developer or
tester. This is useful for single-node development and testing only!
On-host storage is not supported in any way and WILL NOT WORK in a
multi-node cluster. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. Provisioned by an admin.
ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can
only be mounted as read/write once. ISCSI volumes support ownership
management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
-
local (Object) Local represents directly-attached storage with node affinity
Local represents directly-attached storage with node affinity (Beta
feature)
- fsType (string) Filesystem type to mount. It applies only when the Path is a block device.
Must be a filesystem type supported by the host operating system. Ex.
"ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if
unspecified.
- path (string) The full path to the volume on the node. It can be either a directory or
block device (disk, partition, ...).
-
- mountOptions ([]string) A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
simply fail if one is invalid. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
-
nfs (Object) NFS represents an NFS mount on the host. Provisioned by an admin. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
nodeAffinity (Object) NodeAffinity defines constraints that limit what nodes this volume can be
accessed from. This field influences the scheduling of pods that use this
volume.
VolumeNodeAffinity defines constraints that limit what nodes this volume
can be accessed from.
-
required (Object) Required specifies hard node constraints that must be met.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
- persistentVolumeReclaimPolicy (string) What happens to a persistent volume when released from its claim. Valid
options are Retain (default for manually created PersistentVolumes), Delete
(default for dynamically provisioned PersistentVolumes), and Recycle
(deprecated). Recycle must be supported by the volume plugin underlying
this PersistentVolume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
- storageClassName (string) Name of StorageClass to which this persistent volume belongs. Empty value
means that this volume does not belong to any StorageClass.
-
storageos (Object) StorageOS represents a StorageOS volume that is attached to the kubelet's
host machine and mounted into the pod More info:
https://examples.k8s.io/volumes/storageos/README.md
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
- volumeMode (string) volumeMode defines if a volume is intended to be used with a formatted
filesystem or to remain in raw block state. Value of Filesystem is implied
when not included in spec.
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
-
status (Object) Status represents the current information/status for the persistent volume.
Populated by the system. Read-only. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
PersistentVolumeStatus is the current status of a persistent volume.
- message (string) A human-readable message indicating details about why the volume is in this
state.
- phase (string) Phase indicates if a volume is available, bound to a claim, or released by
a claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
- reason (string) Reason is a brief CamelCase string that describes any failure and is meant
for machine parsing and tidy display in the CLI.
-
-
-
VolumeAttachment VolumeAttachment captures the intent to attach or detach the specified
volume to/from the specified node.
VolumeAttachment objects are non-namespaced.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired attach/detach volume behavior. Populated by
the Kubernetes system.
VolumeAttachmentSpec is the specification of a VolumeAttachment request.
- attacher (string) Attacher indicates the name of the volume driver that MUST handle this
request. This is the name returned by GetPluginName().
- nodeName (string) The node that the volume should be attached to.
-
source (Object) Source represents the volume that should be attached.
VolumeAttachmentSource represents a volume that should be attached. Right
now only PersistenVolumes can be attached via external attacher, in future
we may allow also inline volumes in pods. Exactly one member can be set.
-
inlineVolumeSpec (Object) inlineVolumeSpec contains all the information necessary to attach a
persistent volume defined by a pod's inline VolumeSource. This field is
populated only for the CSIMigration feature. It contains translated fields
from a pod's inline VolumeSource to a PersistentVolumeSpec. This field is
beta-level and is only honored by servers that enabled the CSIMigration
feature.
PersistentVolumeSpec is the specification of a persistent volume.
- accessModes ([]string) AccessModes contains all ways the volume can be mounted. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
-
awsElasticBlockStore (Object) AWSElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must
also be in the same AWS zone as the kubelet. An AWS EBS disk can only be
mounted as read/write once. AWS EBS volumes support ownership management
and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty).
- readOnly (boolean) Specify "true" to force and set the ReadOnly property in VolumeMounts to
"true". If omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- volumeID (string) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
azureDisk (Object) AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
AzureDisk represents an Azure Data Disk mount on the host and bind mount to
the pod.
- cachingMode (string) Host Caching mode: None, Read Only, Read Write.
- diskName (string) The Name of the data disk in the blob storage
- diskURI (string) The URI the data disk in the blob storage
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- kind (string) Expected values Shared: multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed: azure managed data disk (only
in managed availability set). defaults to shared
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
-
azureFile (Object) AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
AzureFile represents an Azure File Service mount on the host and bind mount
to the pod.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- secretName (string) the name of secret that contains Azure Storage Account Name and Key
- secretNamespace (string) the namespace of the secret that contains Azure Storage Account Name and
Key default is the same as the Pod
- shareName (string) Share Name
-
- capacity (map[string]string) A description of the persistent volume's resources and capacity. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
cephfs (Object) CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs
volumes do not support ownership management or SELinux relabeling.
- monitors ([]string) Required: Monitors is a collection of Ceph monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- path (string) Optional: Used as the mounted root, rather than the full Ceph tree, default
is /
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- secretFile (string) Optional: SecretFile is the path to key ring for User, default is
/etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
secretRef (Object) Optional: SecretRef is reference to the authentication secret for User,
default is empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- user (string) Optional: User is the rados user name, default is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-
cinder (Object) Cinder represents a cinder volume attached and mounted on kubelets host
machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Represents a cinder volume resource in Openstack. A Cinder volume must
exist before mounting to a container. The volume must also be in the same
region as the kubelet. Cinder volumes support ownership management and
SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
be "ext4" if unspecified. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
secretRef (Object) Optional: points to a secret object containing parameters used to connect
to OpenStack.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- volumeID (string) volume id used to identify the volume in cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
-
-
claimRef (Object) ClaimRef is part of a bi-directional binding between PersistentVolume and
PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName
is the authoritative bind between PV and PVC. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
csi (Object) CSI represents storage that is handled by an external CSI driver (Beta
feature).
Represents storage that is managed by an external CSI volume driver (Beta
feature)
-
controllerExpandSecretRef (Object) ControllerExpandSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
ControllerExpandVolume call. This is an alpha field and requires enabling
ExpandCSIVolumes feature gate. This field is optional, and may be empty if
no secret is required. If the secret object contains more than one secret,
all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
controllerPublishSecretRef (Object) ControllerPublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
ControllerPublishVolume and ControllerUnpublishVolume calls. This field is
optional, and may be empty if no secret is required. If the secret object
contains more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- driver (string) Driver is the name of the driver to use for this volume. Required.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs".
-
nodePublishSecretRef (Object) NodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
nodeStageSecretRef (Object) NodeStageSecretRef is a reference to the secret object containing sensitive
information to pass to the CSI driver to complete the CSI NodeStageVolume
and NodeStageVolume and NodeUnstageVolume calls. This field is optional,
and may be empty if no secret is required. If the secret object contains
more than one secret, all secrets are passed.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- readOnly (boolean) Optional: The value to pass to ControllerPublishVolumeRequest. Defaults to
false (read/write).
- volumeAttributes (map[string]string) Attributes of the volume to publish.
- volumeHandle (string) VolumeHandle is the unique volume name returned by the CSI volume
plugin’s CreateVolume to refer to the volume on all subsequent calls.
Required.
-
-
fc (Object) FC represents a Fibre Channel resource that is attached to a kubelet's host
machine and then exposed to the pod.
Represents a Fibre Channel volume. Fibre Channel volumes can only be
mounted as read/write once. Fibre Channel volumes support ownership
management and SELinux relabeling.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- lun (integer) Optional: FC target lun number
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
- targetWWNs ([]string) Optional: FC target worldwide names (WWNs)
- wwids ([]string) Optional: FC volume world wide identifiers (wwids) Either wwids or
combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
flexVolume (Object) FlexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
FlexPersistentVolumeSource represents a generic persistent volume resource
that is provisioned/attached using an exec based plugin.
- driver (string) Driver is the name of the driver to use for this volume.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends
on FlexVolume script.
- options (map[string]string) Optional: Extra command options if any.
- readOnly (boolean) Optional: Defaults to false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.
-
secretRef (Object) Optional: SecretRef is reference to the secret object containing sensitive
information to pass to the plugin scripts. This may be empty if no secret
object is specified. If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
-
-
flocker (Object) Flocker represents a Flocker volume attached to a kubelet's host machine
and exposed to the pod for its usage. This depends on the Flocker control
service being running
Represents a Flocker volume mounted by the Flocker agent. One and only one
of datasetName and datasetUUID should be set. Flocker volumes do not
support ownership management or SELinux relabeling.
- datasetName (string) Name of the dataset stored as metadata -) name on the dataset for Flocker
should be considered as deprecated
- datasetUUID (string) UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
gcePersistentDisk (Object) GCEPersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. Provisioned by an
admin. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be
in the same GCE project and zone as the kubelet. A GCE PD can only be
mounted as read/write once or read-only many times. GCE PDs support
ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- partition (integer) The partition in the volume that you want to mount. If omitted, the default
is to mount by volume name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- pdName (string) Unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
glusterfs (Object) Glusterfs represents a Glusterfs volume that is attached to a host and
exposed to the pod. Provisioned by an admin. More info:
https://examples.k8s.io/volumes/glusterfs/README.md
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
volumes do not support ownership management or SELinux relabeling.
- endpoints (string) EndpointsName is the endpoint name that details Glusterfs topology. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- endpointsNamespace (string) EndpointsNamespace is the namespace that contains Glusterfs endpoint. If
this field is empty, the EndpointNamespace defaults to the same namespace
as the bound PVC. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- path (string) Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- readOnly (boolean) ReadOnly here will force the Glusterfs volume to be mounted with read-only
permissions. Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
hostPath (Object) HostPath represents a directory on the host. Provisioned by a developer or
tester. This is useful for single-node development and testing only!
On-host storage is not supported in any way and WILL NOT WORK in a
multi-node cluster. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents a host path mapped into a pod. Host path volumes do not support
ownership management or SELinux relabeling.
- path (string) Path of the directory on the host. If the path is a symlink, it will follow
the link to the real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type (string) Type for HostPath Volume Defaults to "" More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
iscsi (Object) ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
host machine and then exposed to the pod. Provisioned by an admin.
ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can
only be mounted as read/write once. ISCSI volumes support ownership
management and SELinux relabeling.
- chapAuthDiscovery (boolean) whether support iSCSI Discovery CHAP authentication
- chapAuthSession (boolean) whether support iSCSI Session CHAP authentication
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- initiatorName (string) Custom iSCSI Initiator Name. If initiatorName is specified with
iscsiInterface simultaneously, new iSCSI interface (target portal):(volume
name) will be created for the connection.
- iqn (string) Target iSCSI Qualified Name.
- iscsiInterface (string) iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default'
(tcp).
- lun (integer) iSCSI Target Lun number.
- portals ([]string) iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the
port is other than default (typically TCP ports 860 and 3260).
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false.
-
secretRef (Object) CHAP Secret for iSCSI target and initiator authentication
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- targetPortal (string) iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).
-
-
local (Object) Local represents directly-attached storage with node affinity
Local represents directly-attached storage with node affinity (Beta
feature)
- fsType (string) Filesystem type to mount. It applies only when the Path is a block device.
Must be a filesystem type supported by the host operating system. Ex.
"ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if
unspecified.
- path (string) The full path to the volume on the node. It can be either a directory or
block device (disk, partition, ...).
-
- mountOptions ([]string) A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
simply fail if one is invalid. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
-
nfs (Object) NFS represents an NFS mount on the host. Provisioned by an admin. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
not support ownership management or SELinux relabeling.
- path (string) Path that is exported by the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- readOnly (boolean) ReadOnly here will force the NFS export to be mounted with read-only
permissions. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
- server (string) Server is the hostname or IP address of the NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
nodeAffinity (Object) NodeAffinity defines constraints that limit what nodes this volume can be
accessed from. This field influences the scheduling of pods that use this
volume.
VolumeNodeAffinity defines constraints that limit what nodes this volume
can be accessed from.
-
required (Object) Required specifies hard node constraints that must be met.
A node selector represents the union of the results of one or more label
queries over a set of nodes; that is, it represents the OR of the selectors
represented by the node selector terms.
-
nodeSelectorTerms ([]Object) Required. A list of node selector terms. The terms are ORed.
A null or empty node selector term matches no objects. The requirements of
them are ANDed. The TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
-
matchExpressions ([]Object) A list of node selector requirements by node's labels.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
matchFields ([]Object) A list of node selector requirements by node's fields.
A node selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) The label key that the selector applies to.
- operator (string) Represents a key's relationship to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
- values ([]string) An array of string values. If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt, the values array must
have a single element, which will be interpreted as an integer. This array
is replaced during a strategic merge patch.
-
-
-
-
- persistentVolumeReclaimPolicy (string) What happens to a persistent volume when released from its claim. Valid
options are Retain (default for manually created PersistentVolumes), Delete
(default for dynamically provisioned PersistentVolumes), and Recycle
(deprecated). Recycle must be supported by the volume plugin underlying
this PersistentVolume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
-
photonPersistentDisk (Object) PhotonPersistentDisk represents a PhotonController persistent disk attached
and mounted on kubelets host machine
Represents a Photon Controller persistent disk resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- pdID (string) ID that identifies Photon Controller persistent disk
-
-
portworxVolume (Object) PortworxVolume represents a portworx volume attached and mounted on
kubelets host machine
PortworxVolumeSource represents a Portworx volume resource.
- fsType (string) FSType represents the filesystem type to mount Must be a filesystem type
supported by the host operating system. Ex. "ext4", "xfs". Implicitly
inferred to be "ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
- volumeID (string) VolumeID uniquely identifies a Portworx volume
-
-
quobyte (Object) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte
volumes do not support ownership management or SELinux relabeling.
- group (string) Group to map volume access to Default is no group
- readOnly (boolean) ReadOnly here will force the Quobyte volume to be mounted with read-only
permissions. Defaults to false.
- registry (string) Registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated
with commas) which acts as the central registry for volumes
- tenant (string) Tenant owning the given Quobyte volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set by the plugin
- user (string) User to map volume access to Defaults to serivceaccount user
- volume (string) Volume is a string that references an already created Quobyte volume by
name.
-
-
rbd (Object) RBD represents a Rados Block Device mount on the host that shares a pod's
lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
volumes support ownership management and SELinux relabeling.
- fsType (string) Filesystem type of the volume that you want to mount. Tip: Ensure that the
filesystem type is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- image (string) The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- keyring (string) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- monitors ([]string) A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- pool (string) The rados pool name. Default is rbd. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- readOnly (boolean) ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
secretRef (Object) SecretRef is name of the authentication secret for RBDUser. If provided
overrides keyring. Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- user (string) The rados user name. Default is admin. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-
scaleIO (Object) ScaleIO represents a ScaleIO persistent volume attached and mounted on
Kubernetes nodes.
ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"
- gateway (string) The host address of the ScaleIO API Gateway.
- protectionDomain (string) The name of the ScaleIO Protection Domain for the configured storage.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef references to the secret for ScaleIO user and other sensitive
information. If this is not provided, Login operation will fail.
SecretReference represents a Secret Reference. It has enough information to
retrieve secret in any namespace
- name (string) Name is unique within a namespace to reference a secret resource.
- namespace (string) Namespace defines the space within which the secret name must be unique.
-
- sslEnabled (boolean) Flag to enable/disable SSL communication with Gateway, default false
- storageMode (string) Indicates whether the storage for a volume should be ThickProvisioned or
ThinProvisioned. Default is ThinProvisioned.
- storagePool (string) The ScaleIO Storage Pool associated with the protection domain.
- system (string) The name of the storage system as configured in ScaleIO.
- volumeName (string) The name of a volume already created in the ScaleIO system that is
associated with this volume source.
-
- storageClassName (string) Name of StorageClass to which this persistent volume belongs. Empty value
means that this volume does not belong to any StorageClass.
-
storageos (Object) StorageOS represents a StorageOS volume that is attached to the kubelet's
host machine and mounted into the pod More info:
https://examples.k8s.io/volumes/storageos/README.md
Represents a StorageOS persistent volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- readOnly (boolean) Defaults to false (read/write). ReadOnly here will force the ReadOnly
setting in VolumeMounts.
-
secretRef (Object) SecretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
- volumeName (string) VolumeName is the human-readable name of the StorageOS volume. Volume names
are only unique within a namespace.
- volumeNamespace (string) VolumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
-
- volumeMode (string) volumeMode defines if a volume is intended to be used with a formatted
filesystem or to remain in raw block state. Value of Filesystem is implied
when not included in spec.
-
vsphereVolume (Object) VsphereVolume represents a vSphere volume attached and mounted on kubelets
host machine
Represents a vSphere volume resource.
- fsType (string) Filesystem type to mount. Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be
"ext4" if unspecified.
- storagePolicyID (string) Storage Policy Based Management (SPBM) profile ID associated with the
StoragePolicyName.
- storagePolicyName (string) Storage Policy Based Management (SPBM) profile name.
- volumePath (string) Path that identifies vSphere volume vmdk
-
-
- persistentVolumeName (string) Name of the persistent volume to attach.
-
-
-
status (Object) Status of the VolumeAttachment request. Populated by the entity completing
the attach or detach operation, i.e. the external-attacher.
VolumeAttachmentStatus is the status of a VolumeAttachment request.
-
attachError (Object) The last error encountered during attach operation, if any. This field must
only be set by the entity completing the attach operation, i.e. the
external-attacher.
VolumeError captures an error encountered during a volume operation.
- message (string) String detailing the error encountered during Attach or Detach operation.
This string may be logged, so it should not contain sensitive information.
- time (string) Time the error was encountered.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- attached (boolean) Indicates the volume is successfully attached. This field must only be set
by the entity completing the attach operation, i.e. the external-attacher.
- attachmentMetadata (map[string]string) Upon successful attach, this field is populated with any information
returned by the attach operation that must be passed into subsequent
WaitForAttach or Mount calls. This field must only be set by the entity
completing the attach operation, i.e. the external-attacher.
-
detachError (Object) The last error encountered during detach operation, if any. This field must
only be set by the entity completing the detach operation, i.e. the
external-attacher.
VolumeError captures an error encountered during a volume operation.
- message (string) String detailing the error encountered during Attach or Detach operation.
This string may be logged, so it should not contain sensitive information.
- time (string) Time the error was encountered.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
-
-
-
StorageClass StorageClass describes the parameters for a class of storage for which
PersistentVolumes can be dynamically provisioned.
StorageClasses are non-namespaced; the name of the storage class according
to etcd is in ObjectMeta.Name.
- allowVolumeExpansion (boolean) AllowVolumeExpansion shows whether the storage class allow volume expand
-
allowedTopologies ([]Object) Restrict the node topologies where volumes can be dynamically provisioned.
Each volume plugin defines its own supported topology specifications. An
empty TopologySelectorTerm list means there is no topology restriction.
This field is only honored by servers that enable the VolumeScheduling
feature.
A topology selector term represents the result of label queries. A null or
empty topology selector term matches no objects. The requirements of them
are ANDed. It provides a subset of functionality as NodeSelectorTerm. This
is an alpha feature and may change in the future.
-
matchLabelExpressions ([]Object) A list of topology selector requirements by labels.
A topology selector requirement is a selector that matches given label.
This is an alpha feature and may change in the future.
- key (string) The label key that the selector applies to.
- values ([]string) An array of string values. One value must match the label to be selected.
Each entry in Values is ORed.
-
-
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- mountOptions ([]string) Dynamically provisioned PersistentVolumes of this storage class are created
with these mountOptions, e.g. ["ro", "soft"]. Not validated - mount of the
PVs will simply fail if one is invalid.
- parameters (map[string]string) Parameters holds the parameters for the provisioner that should create
volumes of this storage class.
- provisioner (string) Provisioner indicates the type of the provisioner.
- reclaimPolicy (string) Dynamically provisioned PersistentVolumes of this storage class are created
with this reclaimPolicy. Defaults to Delete.
- volumeBindingMode (string) VolumeBindingMode indicates how PersistentVolumeClaims should be
provisioned and bound. When unset, VolumeBindingImmediate is used. This
field is only honored by servers that enable the VolumeScheduling feature.
-
-
CSIDriver CSIDriver captures information about a Container Storage Interface (CSI)
volume driver deployed on the cluster. Kubernetes attach detach controller
uses this object to determine whether attach is required. Kubelet uses this
object to determine whether pod information needs to be passed on mount.
CSIDriver objects are non-namespaced.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object metadata. metadata.Name indicates the name of the CSI
driver that this object refers to; it MUST be the same name returned by the
CSI GetPluginName() call for that driver. The driver name must be 63
characters or less, beginning and ending with an alphanumeric character
([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the CSI Driver.
CSIDriverSpec is the specification of a CSIDriver.
- attachRequired (boolean) attachRequired indicates this CSI volume driver requires an attach
operation (because it implements the CSI ControllerPublishVolume() method),
and that the Kubernetes attach detach controller should call the attach
volume interface which checks the volumeattachment status and waits until
the volume is attached before proceeding to mounting. The CSI
external-attacher coordinates with CSI volume driver and updates the
volumeattachment status when the attach operation is complete. If the
CSIDriverRegistry feature gate is enabled and the value is specified to
false, the attach operation will be skipped. Otherwise the attach operation
will be called.
This field is immutable.
- fsGroupPolicy (string) Defines if the underlying volume supports changing ownership and permission
of the volume before being mounted. Refer to the specific FSGroupPolicy
values for additional details.
This field is immutable.
Defaults to ReadWriteOnceWithFSType, which will examine each volume to
determine if Kubernetes should modify ownership and permissions of the
volume. With the default policy the defined fsGroup will only be applied if
a fstype is defined and the volume's access mode contains ReadWriteOnce.
- podInfoOnMount (boolean) If set to true, podInfoOnMount indicates this CSI volume driver requires
additional pod information (like podName, podUID, etc.) during mount
operations. If set to false, pod information will not be passed on mount.
Default is false. The CSI driver specifies podInfoOnMount as part of driver
deployment. If true, Kubelet will pass pod information as VolumeContext in
the CSI NodePublishVolume() calls. The CSI driver is responsible for
parsing and validating the information passed in as VolumeContext. The
following VolumeConext will be passed if podInfoOnMount is set to true.
This list might grow, but the prefix will be used.
"csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace":
pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID)
"csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline
volume
defined by a CSIVolumeSource, otherwise "false"
"csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is
only required for drivers which support both the "Persistent" and
"Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled
and/or ignore this field. As Kubernetes 1.15 doesn't support this field,
drivers can only support one mode when deployed on such a cluster and the
deployment determines which mode that is, for example via a command line
parameter of the driver.
This field is immutable.
- requiresRepublish (boolean) RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being
periodically called to reflect any possible change in the mounted volume.
This field defaults to false.
Note: After a successful initial NodePublishVolume call, subsequent calls
to NodePublishVolume should only update the contents of the volume. New
mount points will not be seen by a running container.
- storageCapacity (boolean) If set to true, storageCapacity indicates that the CSI volume driver wants
pod scheduling to consider the storage capacity that the driver deployment
will report by creating CSIStorageCapacity objects with capacity
information.
The check can be enabled immediately when deploying a driver. In that case,
provisioning new volumes with late binding will pause until the driver
deployment has published some suitable CSIStorageCapacity object.
Alternatively, the driver can be deployed with the field unset or false and
it can be flipped later when storage capacity information has been
published.
This field was immutable in Kubernetes (= 1.22 and now is mutable.
This is a beta field and only available when the CSIStorageCapacity feature
is enabled. The default is false.
-
tokenRequests ([]Object) TokenRequests indicates the CSI driver needs pods' service account tokens
it is mounting volume for to do necessary authentication. Kubelet will pass
the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI
driver should parse and validate the following VolumeContext:
"csi.storage.k8s.io/serviceAccount.tokens": { "(audience)": {
"token": (token),
"expirationTimestamp": (expiration timestamp in RFC3339),
}, ... }
Note: Audience in each TokenRequest should be different and at most one
token is empty string. To receive a new token after expiry,
RequiresRepublish can be used to trigger NodePublishVolume periodically.
TokenRequest contains parameters of a service account token.
- audience (string) Audience is the intended audience of the token in "TokenRequestSpec". It
will default to the audiences of kube apiserver.
- expirationSeconds (integer) ExpirationSeconds is the duration of validity of the token in
"TokenRequestSpec". It has the same default value of "ExpirationSeconds" in
"TokenRequestSpec".
-
- volumeLifecycleModes ([]string) volumeLifecycleModes defines what kind of volumes this CSI volume driver
supports. The default if the list is empty is "Persistent", which is the
usage defined by the CSI specification and implemented in Kubernetes via
the usual PV/PVC mechanism. The other mode is "Ephemeral". In this mode,
volumes are defined inline inside the pod spec with CSIVolumeSource and
their lifecycle is tied to the lifecycle of that pod. A driver has to be
aware of this because it is only going to get a NodePublishVolume call for
such a volume. For more information about implementing this mode, see
https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver
can support one or more of these modes and more modes may be added in the
future. This field is beta.
This field is immutable.
-
-
-
CSINode CSINode holds information about all CSI drivers installed on a node. CSI
drivers do not need to create the CSINode object directly. As long as they
use the node-driver-registrar sidecar container, the kubelet will
automatically populate the CSINode object for the CSI driver as part of
kubelet plugin registration. CSINode has the same name as a node. If the
object is missing, it means either there are no CSI Drivers available on
the node, or the Kubelet version is low enough that it doesn't create this
object. CSINode has an OwnerReference that points to the corresponding node
object.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) metadata.name must be the Kubernetes node name.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) spec is the specification of CSINode
CSINodeSpec holds information about the specification of all CSI drivers
installed on a node
-
drivers ([]Object) drivers is a list of information of all CSI Drivers existing on a node. If
all drivers in the list are uninstalled, this can become empty.
CSINodeDriver holds information about the specification of one CSI driver
installed on a node
-
allocatable (Object) allocatable represents the volume resources of a node that are available
for scheduling. This field is beta.
VolumeNodeResources is a set of resource limits for scheduling of volumes.
- count (integer) Maximum number of unique volumes managed by the CSI driver that can be used
on a node. A volume that is both attached and mounted on a node is
considered to be used once, not twice. The same rule applies for a unique
volume that is shared among multiple pods on the same node. If this field
is not specified, then the supported number of volumes on this node is
unbounded.
-
- name (string) This is the name of the CSI driver that this object refers to. This MUST be
the same name returned by the CSI GetPluginName() call for that driver.
- nodeID (string) nodeID of the node from the driver point of view. This field enables
Kubernetes to communicate with storage systems that do not share the same
nomenclature for nodes. For example, Kubernetes may refer to a given node
as "node1", but the storage system may refer to the same node as "nodeA".
When Kubernetes issues a command to the storage system to attach a volume
to a specific node, it can use this field to refer to the node name using
the ID that the storage system will understand, e.g. "nodeA" instead of
"node1". This field is required.
- topologyKeys ([]string) topologyKeys is the list of keys supported by the driver. When a driver is
initialized on a cluster, it provides a set of topology keys that it
understands (e.g. "company.com/zone", "company.com/region"). When a driver
is initialized on a node, it provides the same topology keys along with
values. Kubelet will expose these topology keys as labels on its own node
object. When Kubernetes does topology aware provisioning, it can use this
list to determine which labels it should retrieve from the node object and
pass back to the driver. It is possible for different nodes to use
different topology keys. This can be empty if driver does not support
topology.
-
-
-
-
CSIStorageCapacity CSIStorageCapacity stores the result of one CSI GetCapacity call. For a
given StorageClass, this describes the available capacity in a particular
topology segment. This can be used when considering where to instantiate
new PersistentVolumes.
For example this can express things like: - StorageClass "standard" has
"1234 GiB" available in "topology.kubernetes.io/zone=us-east1" -
StorageClass "localssd" has "10 GiB" available in
"kubernetes.io/hostname=knode-abc123"
The following three cases all imply that no capacity is available for a
certain combination: - no object exists with suitable topology and storage
class name - such an object exists, but the capacity is unset - such an
object exists, but the capacity is zero
The producer of these objects can decide which approach is more suitable.
They are consumed by the kube-scheduler if the CSIStorageCapacity beta
feature gate is enabled there and a CSI driver opts into capacity-aware
scheduling with CSIDriver.StorageCapacity.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- capacity (string) Capacity is the value reported by the CSI driver in its GetCapacityResponse
for a GetCapacityRequest with topology and parameters that match the
previous fields.
The semantic is currently (CSI spec 1.2) defined as: The available
capacity, in bytes, of the storage that can be used to provision volumes.
If not set, that information is currently unavailable and treated like zero
capacity.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- maximumVolumeSize (string) MaximumVolumeSize is the value reported by the CSI driver in its
GetCapacityResponse for a GetCapacityRequest with topology and parameters
that match the previous fields.
This is defined since CSI spec 1.4.0 as the largest size that may be used
in a CreateVolumeRequest.capacity_range.required_bytes field to create a
volume with the same parameters as those in GetCapacityRequest. The
corresponding value in the Kubernetes API is ResourceRequirements.Requests
in a volume claim.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
metadata (Object) Standard object's metadata. The name has no particular meaning. It must be
be a DNS subdomain (dots allowed, 253 characters). To ensure that there are
no conflicts with other CSI drivers on the cluster, the recommendation is
to use csisc-(uuid), a generated name, or a reverse-domain name which ends
with the unique CSI driver name.
Objects are namespaced.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
nodeTopology (Object) NodeTopology defines which nodes have access to the storage for which
capacity was reported. If not set, the storage is not accessible from any
node in the cluster. If empty, the storage is accessible from all nodes.
This field is immutable.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- storageClassName (string) The name of the StorageClass that the reported capacity applies to. It must
meet the same requirements as the name of a StorageClass object (non-empty,
DNS subdomain). If that object no longer exists, the CSIStorageCapacity
object is obsolete and should be removed by its creator. This field is
immutable.
-
Scheduling
-
PriorityClass PriorityClass defines mapping from a priority class name to the priority
integer value. The value can be any valid integer.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- description (string) description is an arbitrary string that usually provides guidelines on when
this priority class should be used.
- globalDefault (boolean) globalDefault specifies whether this PriorityClass should be considered as
the default priority for pods that do not have any priority class. Only one
PriorityClass can be marked as `globalDefault`. However, if more than one
PriorityClasses exists with their `globalDefault` field set to true, the
smallest value of such global default PriorityClasses will be used as the
default priority.
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- preemptionPolicy (string) PreemptionPolicy is the Policy for preempting pods with lower priority. One
of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
This field is beta-level, gated by the NonPreemptingPriority feature-gate.
- value (integer) The value of this priority class. This is the actual priority that pods
receive when they have the name of this class in their pod spec.
-
-
PodDisruptionBudget PodDisruptionBudget is an object to define the max disruption that can be
caused to a collection of pods
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the desired behavior of the PodDisruptionBudget.
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
- maxUnavailable (string) An eviction is allowed if at most "maxUnavailable" pods selected by
"selector" are unavailable after the eviction, i.e. even in absence of the
evicted pod. For example, one can prevent all voluntary evictions by
specifying 0. This is a mutually exclusive setting with "minAvailable".
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
- minAvailable (string) An eviction is allowed if at least "minAvailable" pods selected by
"selector" will still be available after the eviction, i.e. even in the
absence of the evicted pod. So for example you can prevent all voluntary
evictions by specifying "100%!"(MISSING).
IntOrString is a type that can hold an int32 or a string. When used in JSON
or YAML marshalling and unmarshalling, it produces or consumes the inner
type. This allows you to have, for example, a JSON field that can accept a
name or number.
-
selector (Object) Label query over pods whose evictions are managed by the disruption budget.
A null selector will match no pods, while an empty ({}) selector will
select all pods within the namespace.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
-
status (Object) Most recently observed status of the PodDisruptionBudget.
PodDisruptionBudgetStatus represents information about the status of a
PodDisruptionBudget. Status may trail the actual state of a system.
-
conditions ([]Object) Conditions contain conditions for PDB. The disruption controller sets the
DisruptionAllowed condition. The following are known values for the reason
field (additional reasons could be added in the future): - SyncFailed: The
controller encountered an error and wasn't able to compute
the number of allowed disruptions. Therefore no disruptions are
allowed and the status of the condition will be False.
- InsufficientPods: The number of pods are either at or below the number
required by the PodDisruptionBudget. No disruptions are
allowed and the status of the condition will be False.
- SufficientPods: There are more pods than required by the
PodDisruptionBudget.
The condition will be True, and the number of allowed
disruptions are provided by the disruptionsAllowed property.
Condition contains details for one aspect of the current state of this API
Resource.
- lastTransitionTime (string) lastTransitionTime is the last time the condition transitioned from one
status to another. This should be when the underlying condition changed. If
that is not known, then using the time when the API field changed is
acceptable.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) message is a human readable message indicating details about the
transition. This may be an empty string.
- observedGeneration (integer) observedGeneration represents the .metadata.generation that the condition
was set based upon. For instance, if .metadata.generation is currently 12,
but the .status.conditions[x].observedGeneration is 9, the condition is out
of date with respect to the current state of the instance.
- reason (string) reason contains a programmatic identifier indicating the reason for the
condition's last transition. Producers of specific condition types may
define expected values and meanings for this field, and whether the values
are considered a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
- status (string) status of the condition, one of True, False, Unknown.
- type (string) type of condition in CamelCase or in foo.example.com/CamelCase.
-
- currentHealthy (integer) current number of healthy pods
- desiredHealthy (integer) minimum desired number of healthy pods
- disruptedPods (map[string]string) DisruptedPods contains information about pods whose eviction was processed
by the API server eviction subresource handler but has not yet been
observed by the PodDisruptionBudget controller. A pod will be in this map
from the time when the API server processed the eviction request to the
time when the pod is seen by PDB controller as having been marked for
deletion (or after a timeout). The key in the map is the name of the pod
and the value is the time when the API server processed the eviction
request. If the deletion didn't occur and a pod is still there it will be
removed from the list automatically by PodDisruptionBudget controller after
some time. If everything goes smooth this map should be empty for the most
of the time. Large number of entries in the map may indicate problems with
pod deletions.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- disruptionsAllowed (integer) Number of pod disruptions that are currently allowed.
- expectedPods (integer) total number of pods counted by this disruption budget
- observedGeneration (integer) Most recent generation observed when updating this PDB status.
DisruptionsAllowed and other status information is valid only if
observedGeneration equals to PDB's object generation.
-
-
Extending
-
CustomResourceDefinition CustomResourceDefinition represents a resource that should be exposed on
the API server. Its name MUST be in the format (.spec.name).(.spec.group).
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) spec describes how the user wants the resources to appear
CustomResourceDefinitionSpec describes how a user wants their resource to
appear
-
conversion (Object) conversion defines conversion settings for the CRD.
CustomResourceConversion describes how to convert different versions of a
CR.
- strategy (string) strategy specifies how custom resources are converted between versions.
Allowed values are: - `None`: The converter only change the apiVersion and
would not touch any other field in the custom resource. - `Webhook`: API
Server will call to an external webhook to do the conversion. Additional
information is needed for this option. This requires
spec.preserveUnknownFields to be false, and spec.conversion.webhook to be
set.
-
webhook (Object) webhook describes how to call the conversion webhook. Required when
`strategy` is set to `Webhook`.
WebhookConversion describes how to call a conversion webhook
-
clientConfig (Object) clientConfig is the instructions for how to call the webhook if strategy is
`Webhook`.
WebhookClientConfig contains the information to make a TLS connection with
the webhook.
- caBundle (string) caBundle is a PEM encoded CA bundle which will be used to validate the
webhook's server certificate. If unspecified, system trust roots on the
apiserver are used.
-
service (Object) service is a reference to the service for this webhook. Either service or
url must be specified.
If the webhook is running within the cluster, then you should use
`service`.
ServiceReference holds a reference to Service.legacy.k8s.io
- name (string) name is the name of the service. Required
- namespace (string) namespace is the namespace of the service. Required
- path (string) path is an optional URL path at which the webhook will be contacted.
- port (integer) port is an optional service port at which the webhook will be contacted.
`port` should be a valid port number (1-65535, inclusive). Defaults to 443
for backward compatibility.
-
- url (string) url gives the location of the webhook, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service` must be
specified.
The `host` should not refer to a service running in the cluster; use the
`service` field instead. The host might be resolved via external DNS in
some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as
that would be a layering violation). `host` may also be an IP address.
Please note that using `localhost` or `127.0.0.1` as a `host` is risky
unless you take great care to run this webhook on all hosts which run an
apiserver which might need to make calls to this webhook. Such installs are
likely to be non-portable, i.e., not easy to turn up in a new cluster.
The scheme must be "https"; the URL must begin with "https://".
A path is optional, and if present may be any string permissible in a URL.
You may use the path to pass an arbitrary string to the webhook, for
example, a cluster identifier.
Attempting to use a user or basic auth e.g. "user:password@" is not
allowed. Fragments ("#...") and query parameters ("?...") are not allowed,
either.
-
- conversionReviewVersions ([]string) conversionReviewVersions is an ordered list of preferred `ConversionReview`
versions the Webhook expects. The API server will use the first version in
the list which it supports. If none of the versions specified in this list
are supported by API server, conversion will fail for the custom resource.
If a persisted Webhook configuration specifies allowed versions and does
not include any versions known to the API Server, calls to the webhook will
fail.
-
-
- group (string) group is the API group of the defined custom resource. The custom resources
are served under `/apis/(group)/...`. Must match the name of the
CustomResourceDefinition (in the form `(names.plural).(group)`).
-
names (Object) names specify the resource and kind names for the custom resource.
CustomResourceDefinitionNames indicates the names to serve this
CustomResourceDefinition
- categories ([]string) categories is a list of grouped resources this custom resource belongs to
(e.g. 'all'). This is published in API discovery documents, and used by
clients to support invocations like `kubectl get all`.
- kind (string) kind is the serialized kind of the resource. It is normally CamelCase and
singular. Custom resource instances will use this value as the `kind`
attribute in API calls.
- listKind (string) listKind is the serialized kind of the list for this resource. Defaults to
"`kind`List".
- plural (string) plural is the plural name of the resource to serve. The custom resources
are served under `/apis/(group)/(version)/.../(plural)`. Must match the
name of the CustomResourceDefinition (in the form
`(names.plural).(group)`). Must be all lowercase.
- shortNames ([]string) shortNames are short names for the resource, exposed in API discovery
documents, and used by clients to support invocations like `kubectl get
(shortname)`. It must be all lowercase.
- singular (string) singular is the singular name of the resource. It must be all lowercase.
Defaults to lowercased `kind`.
-
- preserveUnknownFields (boolean) preserveUnknownFields indicates that object fields which are not specified
in the OpenAPI schema should be preserved when persisting to storage.
apiVersion, kind, metadata and known fields inside metadata are always
preserved. This field is deprecated in favor of setting
`x-preserve-unknown-fields` to true in
`spec.versions[*].schema.openAPIV3Schema`. See
https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields
for details.
- scope (string) scope indicates whether the defined custom resource is cluster- or
namespace-scoped. Allowed values are `Cluster` and `Namespaced`.
-
versions ([]Object) versions is the list of all API versions of the defined custom resource.
Version names are used to compute the order in which served versions are
listed in API discovery. If the version string is "kube-like", it will sort
above non "kube-like" version strings, which are ordered lexicographically.
"Kube-like" versions start with a "v", then are followed by a number (the
major version), then optionally the string "alpha" or "beta" and another
number (the minor version). These are sorted first by GA ) beta ) alpha
(where GA is a version with no suffix such as beta or alpha), and then by
comparing major version, then minor version. An example sorted list of
versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2,
foo1, foo10.
CustomResourceDefinitionVersion describes a version for CRD.
-
additionalPrinterColumns ([]Object) additionalPrinterColumns specifies additional columns returned in Table
output. See
https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables
for details. If no columns are specified, a single column displaying the
age of the custom resource is used.
CustomResourceColumnDefinition specifies a column for server side printing.
- description (string) description is a human readable description of this column.
- format (string) format is an optional OpenAPI type definition for this column. The 'name'
format is applied to the primary identifier column to assist in clients
identifying column is the resource name. See
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
for details.
- jsonPath (string) jsonPath is a simple JSON path (i.e. with array notation) which is
evaluated against each custom resource to produce the value for this
column.
- name (string) name is a human readable name for the column.
- priority (integer) priority is an integer defining the relative importance of this column
compared to others. Lower numbers are considered higher priority. Columns
that may be omitted in limited space scenarios should be given a priority
greater than 0.
- type (string) type is an OpenAPI type definition for this column. See
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
for details.
-
- deprecated (boolean) deprecated indicates this version of the custom resource API is deprecated.
When set to true, API requests to this version receive a warning header in
the server response. Defaults to false.
- deprecationWarning (string) deprecationWarning overrides the default warning returned to API clients.
May only be set when `deprecated` is true. The default warning indicates
this version is deprecated and recommends use of the newest served version
of equal or greater stability, if one exists.
- name (string) name is the version name, e.g. “v1�, “v2beta1�, etc. The custom
resources are served under this version at `/apis/(group)/(version)/...` if
`served` is true.
-
schema (Object) schema describes the schema used for validation, pruning, and defaulting of
this version of the custom resource.
CustomResourceValidation is a list of validation methods for
CustomResources.
-
openAPIV3Schema (Object) openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- $ref (string) null
- $schema (string) null
- additionalItems ()
JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value.
Defaults to true for the boolean property.
- additionalProperties ()
JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value.
Defaults to true for the boolean property.
- allOf ([]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- anyOf ([]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- default () default is a default value for undefined object fields. Defaulting is a
beta feature under the CustomResourceDefaulting feature gate. Defaulting
requires spec.preserveUnknownFields to be false.
JSON represents any valid JSON value. These types are supported: bool,
int64, float64, string, []interface{}, map[string]interface{} and nil.
- definitions (map[string]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- dependencies (map[string])
JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string
array.
- description (string) (empty)
- enum ([])
JSON represents any valid JSON value. These types are supported: bool,
int64, float64, string, []interface{}, map[string]interface{} and nil.
- example ()
JSON represents any valid JSON value. These types are supported: bool,
int64, float64, string, []interface{}, map[string]interface{} and nil.
- exclusiveMaximum (boolean) (empty)
- exclusiveMinimum (boolean) (empty)
-
externalDocs (Object)
ExternalDocumentation allows referencing an external resource for extended
documentation.
- description (string) (empty)
- url (string) (empty)
-
- format (string) format is an OpenAPI v3 format string. Unknown formats are ignored. The
following formats are validated:
- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an
URI as parsed by Golang net/url.ParseRequestURI - email: an email address
as parsed by Golang net/mail.ParseAddress - hostname: a valid
representation for an Internet host name, as defined by RFC 1034, section
3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6:
an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by
Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC
- uuid: an UUID that allows uppercase defined by the regex
(?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ -
uuid3: an UUID3 that allows uppercase defined by the regex
(?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ -
uuid4: an UUID4 that allows uppercase defined by the regex
(?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
- uuid5: an UUID5 that allows uppercase defined by the regex
(?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
- isbn: an ISBN10 or ISBN13 number string like "0321751043" or
"978-0321751041" - isbn10: an ISBN10 number string like "0321751043" -
isbn13: an ISBN13 number string like "978-0321751041" - creditcard: a
credit card number defined by the regex
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$
with any non digit characters mixed in - ssn: a U.S. social security number
following the regex ^\d{3}[- ]?\d{2}[- ]?\d{4}$ - hexcolor: an hexadecimal
color code like "#FFFFFF: following the regex
^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb
like "rgb(255,255,2559" - byte: base64 encoded binary data - password: any
kind of string - date: a date string like "2006-01-02" as defined by
full-date in RFC3339 - duration: a duration string like "22 ns" as parsed
by Golang time.ParseDuration or compatible with Scala duration format -
datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by
date-time in RFC3339.
- id (string) (empty)
- items ()
JSONSchemaPropsOrArray represents a value that can either be a
JSONSchemaProps or an array of JSONSchemaProps. Mainly here for
serialization purposes.
- maxItems (integer) (empty)
- maxLength (integer) (empty)
- maxProperties (integer) (empty)
- maximum (number) (empty)
- minItems (integer) (empty)
- minLength (integer) (empty)
- minProperties (integer) (empty)
- minimum (number) (empty)
- multipleOf (number) (empty)
- not (Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- nullable (boolean) (empty)
- oneOf ([]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- pattern (string) (empty)
- patternProperties (map[string]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- properties (map[string]Object)
JSONSchemaProps is a JSON-Schema following Specification Draft 4
(http://json-schema.org/).
- required ([]string) (empty)
- title (string) (empty)
- type (string) (empty)
- uniqueItems (boolean) (empty)
- x-kubernetes-embedded-resource (boolean) x-kubernetes-embedded-resource defines that the value is an embedded
Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be
object. It is allowed to further restrict the embedded object. kind,
apiVersion and metadata are validated automatically.
x-kubernetes-preserve-unknown-fields is allowed to be true, but does not
have to be if the object is fully specified (up to kind, apiVersion,
metadata).
- x-kubernetes-int-or-string (boolean) x-kubernetes-int-or-string specifies that this value is either an integer
or a string. If this is true, an empty type is allowed and type as child of
anyOf is permitted if following one of the following patterns:
1) anyOf:
- type: integer
- type: string 2) allOf:
- anyOf:
- type: integer
- type: string
- ... zero or more
- x-kubernetes-list-map-keys ([]string) x-kubernetes-list-map-keys annotates an array with the
x-kubernetes-list-type `map` by specifying the keys used as the index of
the map.
This tag MUST only be used on lists that have the "x-kubernetes-list-type"
extension set to "map". Also, the values specified for this attribute must
be a scalar typed field of the child structure (no nesting is supported).
The properties specified must either be required or have a default value,
to ensure those properties are present for all list items.
- x-kubernetes-list-type (string) x-kubernetes-list-type annotates an array to further describe its topology.
This extension must only be used on lists and may have 3 possible values:
1) `atomic`: the list is treated as a single entity, like a scalar.
Atomic lists will be entirely replaced when updated. This extension
may be used on any type of list (struct, scalar, ...).
2) `set`:
Sets are lists that must not have multiple items with the same value. Each
value must be a scalar, an object with x-kubernetes-map-type `atomic` or an
array with x-kubernetes-list-type `atomic`.
3) `map`:
These lists are like maps in that their elements have a non-index key
used to identify them. Order is preserved upon merge. The map tag
must only be used on a list with elements of type object.
Defaults to atomic for arrays.
- x-kubernetes-map-type (string) x-kubernetes-map-type annotates an object to further describe its topology.
This extension must only be used when type is object and may have 2
possible values:
1) `granular`:
These maps are actual maps (key-value pairs) and each fields are independent
from each other (they can each be manipulated by separate actors). This is
the default behaviour for all maps.
2) `atomic`: the list is treated as a single entity, like a scalar.
Atomic maps will be entirely replaced when updated.
- x-kubernetes-preserve-unknown-fields (boolean) x-kubernetes-preserve-unknown-fields stops the API server decoding step
from pruning fields which are not specified in the validation schema. This
affects fields recursively, but switches back to normal pruning behaviour
if nested properties or additionalProperties are specified in the schema.
This can either be true or undefined. False is forbidden.
-
x-kubernetes-validations ([]Object) x-kubernetes-validations describes a list of validation rules written in
the CEL expression language. This field is an alpha-level. Using this field
requires the feature gate `CustomResourceValidationExpressions` to be
enabled.
ValidationRule describes a validation rule written in the CEL expression
language.
- message (string) Message represents the message displayed when validation fails. The message
is required if the Rule contains line breaks. The message must not contain
line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be
a URL with the host matching spec.host"
- rule (string) Rule represents the expression which will be evaluated by CEL. ref:
https://github.com/google/cel-spec The Rule is scoped to the location of
the x-kubernetes-validations extension in the schema. The `self` variable
in the CEL expression is bound to the scoped value. Example: - Rule scoped
to the root of a resource with a status subresource: {"rule":
"self.status.actual (= self.spec.maxDesired"}
If the Rule is scoped to an object with properties, the accessible
properties of the object are field selectable via `self.field` and field
presence can be checked via `has(self.field)`. Null valued fields are
treated as absent fields in CEL expressions. If the Rule is scoped to an
object with additionalProperties (i.e. a map) the value of the map are
accessible via `self[mapKey]`, map containment can be checked via `mapKey
in self` and all entries of the map are accessible via CEL macros and
functions such as `self.all(...)`. If the Rule is scoped to an array, the
elements of the array are accessible via `self[i]` and also by macros and
functions. If the Rule is scoped to a scalar, `self` is bound to the scalar
value. Examples: - Rule scoped to a map of objects: {"rule":
"self.components['Widget'].priority ( 10"} - Rule scoped to a list of
integers: {"rule": "self.values.all(value, value )= 0 && value ( 100)"} -
Rule scoped to a string value: {"rule": "self.startsWith('kube')"}
The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are
always accessible from the root of the object and from any
x-kubernetes-embedded-resource annotated objects. No other metadata
properties are accessible.
Unknown data preserved in custom resources via
x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions.
This includes: - Unknown field values that are preserved by object schemas
with x-kubernetes-preserve-unknown-fields. - Object properties where the
property schema is of an "unknown type". An "unknown type" is recursively
defined as:
- A schema with no type and x-kubernetes-preserve-unknown-fields set to
true
- An array where the items schema is of an "unknown type"
- An object where the additionalProperties schema is of an "unknown type"
Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are
accessible. Accessible property names are escaped according to the
following rules when accessed in the expression: - '__' escapes to
'__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' -
'/' escapes to '__slash__' - Property names that exactly match a CEL
RESERVED keyword escape to '__{keyword}__'. The keywords are:
"true", "false", "null", "in", "as", "break", "const", "continue", "else",
"for", "function", "if", "import", "let", "loop", "package", "namespace",
"return". Examples:
- Rule accessing a property named "namespace": {"rule": "self.__namespace__
) 0"}
- Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop )
0"}
- Rule accessing a property named "redact__d": {"rule":
"self.redact__underscores__d ) 0"}
Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores
element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with
x-kubernetes-list-type use the semantics of the list type:
- 'set': `X + Y` performs a union where the array positions of all elements
in `X` are preserved and
non-intersecting elements in `Y` are appended, retaining their partial order.
- 'map': `X + Y` performs a merge where the array positions of all keys in
`X` are preserved but the values
are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
non-intersecting keys are appended, retaining their partial order.
-
-
-
- served (boolean) served is a flag enabling/disabling this version from being served via REST
APIs
- storage (boolean) storage indicates this version should be used when persisting custom
resources to storage. There must be exactly one version with storage=true.
-
subresources (Object) subresources specify what subresources this version of the defined custom
resource have.
CustomResourceSubresources defines the status and scale subresources for
CustomResources.
-
scale (Object) scale indicates the custom resource should serve a `/scale` subresource
that returns an `autoscaling/v1` Scale object.
CustomResourceSubresourceScale defines how to serve the scale subresource
for CustomResources.
- labelSelectorPath (string) labelSelectorPath defines the JSON path inside of a custom resource that
corresponds to Scale `status.selector`. Only JSON paths without the array
notation are allowed. Must be a JSON Path under `.status` or `.spec`. Must
be set to work with HorizontalPodAutoscaler. The field pointed by this JSON
path must be a string field (not a complex selector struct) which contains
a serialized label selector in string form. More info:
https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
If there is no value under the given path in the custom resource, the
`status.selector` value in the `/scale` subresource will default to the
empty string.
- specReplicasPath (string) specReplicasPath defines the JSON path inside of a custom resource that
corresponds to Scale `spec.replicas`. Only JSON paths without the array
notation are allowed. Must be a JSON Path under `.spec`. If there is no
value under the given path in the custom resource, the `/scale` subresource
will return an error on GET.
- statusReplicasPath (string) statusReplicasPath defines the JSON path inside of a custom resource that
corresponds to Scale `status.replicas`. Only JSON paths without the array
notation are allowed. Must be a JSON Path under `.status`. If there is no
value under the given path in the custom resource, the `status.replicas`
value in the `/scale` subresource will default to 0.
-
- status (map[string]) status indicates the custom resource should serve a `/status` subresource.
When enabled: 1. requests to the custom resource primary endpoint ignore
changes to the `status` stanza of the object. 2. requests to the custom
resource `/status` subresource ignore changes to anything other than the
`status` stanza of the object.
CustomResourceSubresourceStatus defines how to serve the status subresource
for CustomResources. Status is represented by the `.status` JSON path
inside of a CustomResource. When set, * exposes a /status subresource for
the custom resource * PUT requests to the /status subresource take a custom
resource object, and ignore changes to anything except the status stanza *
PUT/POST/PATCH requests to the custom resource ignore changes to the status
stanza
CustomResourceSubresourceStatus defines how to serve the status subresource
for CustomResources. Status is represented by the `.status` JSON path
inside of a CustomResource. When set, * exposes a /status subresource for
the custom resource * PUT requests to the /status subresource take a custom
resource object, and ignore changes to anything except the status stanza *
PUT/POST/PATCH requests to the custom resource ignore changes to the status
stanza
-
-
-
-
status (Object) status indicates the actual state of the CustomResourceDefinition
CustomResourceDefinitionStatus indicates the state of the
CustomResourceDefinition
-
acceptedNames (Object) acceptedNames are the names that are actually being used to serve
discovery. They may be different than the names in spec.
CustomResourceDefinitionNames indicates the names to serve this
CustomResourceDefinition
- categories ([]string) categories is a list of grouped resources this custom resource belongs to
(e.g. 'all'). This is published in API discovery documents, and used by
clients to support invocations like `kubectl get all`.
- kind (string) kind is the serialized kind of the resource. It is normally CamelCase and
singular. Custom resource instances will use this value as the `kind`
attribute in API calls.
- listKind (string) listKind is the serialized kind of the list for this resource. Defaults to
"`kind`List".
- plural (string) plural is the plural name of the resource to serve. The custom resources
are served under `/apis/(group)/(version)/.../(plural)`. Must match the
name of the CustomResourceDefinition (in the form
`(names.plural).(group)`). Must be all lowercase.
- shortNames ([]string) shortNames are short names for the resource, exposed in API discovery
documents, and used by clients to support invocations like `kubectl get
(shortname)`. It must be all lowercase.
- singular (string) singular is the singular name of the resource. It must be all lowercase.
Defaults to lowercased `kind`.
-
-
conditions ([]Object) conditions indicate state for particular aspects of a
CustomResourceDefinition
CustomResourceDefinitionCondition contains details for the current
condition of this pod.
- lastTransitionTime (string) lastTransitionTime last time the condition transitioned from one status to
another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) message is a human-readable message indicating details about last
transition.
- reason (string) reason is a unique, one-word, CamelCase reason for the condition's last
transition.
- status (string) status is the status of the condition. Can be True, False, Unknown.
- type (string) type is the type of the condition. Types include Established, NamesAccepted
and Terminating.
-
- storedVersions ([]string) storedVersions lists all versions of CustomResources that were ever
persisted. Tracking these versions allows a migration path for stored
versions in etcd. The field is mutable so a migration controller can finish
a migration to another version (ensuring no old objects are left in
storage), and then remove the rest of the versions from this list. Versions
may not be removed from `spec.versions` while they exist in this list.
-
-
-
MutatingWebhookConfiguration MutatingWebhookConfiguration describes the configuration of and admission
webhook that accept or reject and may change the object.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object metadata; More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
webhooks ([]Object) Webhooks is a list of webhooks and the affected resources and operations.
MutatingWebhook describes an admission webhook and the resources and
operations it applies to.
- admissionReviewVersions ([]string) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
versions the Webhook expects. API server will try to use first version in
the list which it supports. If none of the versions specified in this list
supported by API server, validation will fail for this object. If a
persisted webhook configuration specifies allowed versions and does not
include any versions known to the API Server, calls to the webhook will
fail and be subject to the failure policy.
-
clientConfig (Object) ClientConfig defines how to communicate with the hook. Required
WebhookClientConfig contains the information to make a TLS connection with
the webhook
- caBundle (string) `caBundle` is a PEM encoded CA bundle which will be used to validate the
webhook's server certificate. If unspecified, system trust roots on the
apiserver are used.
-
service (Object) `service` is a reference to the service for this webhook. Either `service`
or `url` must be specified.
If the webhook is running within the cluster, then you should use
`service`.
ServiceReference holds a reference to Service.legacy.k8s.io
- name (string) `name` is the name of the service. Required
- namespace (string) `namespace` is the namespace of the service. Required
- path (string) `path` is an optional URL path which will be sent in any request to this
service.
- port (integer) If specified, the port on the service that hosting webhook. Default to 443
for backward compatibility. `port` should be a valid port number (1-65535,
inclusive).
-
- url (string) `url` gives the location of the webhook, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service` must be
specified.
The `host` should not refer to a service running in the cluster; use the
`service` field instead. The host might be resolved via external DNS in
some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as
that would be a layering violation). `host` may also be an IP address.
Please note that using `localhost` or `127.0.0.1` as a `host` is risky
unless you take great care to run this webhook on all hosts which run an
apiserver which might need to make calls to this webhook. Such installs are
likely to be non-portable, i.e., not easy to turn up in a new cluster.
The scheme must be "https"; the URL must begin with "https://".
A path is optional, and if present may be any string permissible in a URL.
You may use the path to pass an arbitrary string to the webhook, for
example, a cluster identifier.
Attempting to use a user or basic auth e.g. "user:password@" is not
allowed. Fragments ("#...") and query parameters ("?...") are not allowed,
either.
-
- failurePolicy (string) FailurePolicy defines how unrecognized errors from the admission endpoint
are handled - allowed values are Ignore or Fail. Defaults to Fail.
- matchPolicy (string) matchPolicy defines how the "rules" list is used to match incoming
requests. Allowed values are "Exact" or "Equivalent".
- Exact: match a request only if it exactly matches a specified rule. For
example, if deployments can be modified via apps/v1, apps/v1beta1, and
extensions/v1beta1, but "rules" only included `apiGroups:["apps"],
apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1
or extensions/v1beta1 would not be sent to the webhook.
- Equivalent: match a request if modifies a resource listed in rules, even
via another API group or version. For example, if deployments can be
modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules"
only included `apiGroups:["apps"], apiVersions:["v1"], resources:
["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be
converted to apps/v1 and sent to the webhook.
Defaults to "Equivalent"
- name (string) The name of the admission webhook. Name should be fully qualified, e.g.,
imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook,
and kubernetes.io is the name of the organization. Required.
-
namespaceSelector (Object) NamespaceSelector decides whether to run the webhook on an object based on
whether the namespace for that object matches the selector. If the object
itself is a namespace, the matching is performed on object.metadata.labels.
If the object is another cluster scoped resource, it never skips the
webhook.
For example, to run the webhook on any objects whose namespace is not
associated with "runlevel" of "0" or "1"; you will set the selector as
follows: "namespaceSelector": { "matchExpressions": [
{
"key": "runlevel",
"operator": "NotIn",
"values": [
"0",
"1"
]
}
] }
If instead you want to only run the webhook on any objects whose namespace
is associated with the "environment" of "prod" or "staging"; you will set
the selector as follows: "namespaceSelector": { "matchExpressions": [
{
"key": "environment",
"operator": "In",
"values": [
"prod",
"staging"
]
}
] }
See
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
for more examples of label selectors.
Default to the empty LabelSelector, which matches everything.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
objectSelector (Object) ObjectSelector decides whether to run the webhook based on if the object
has matching labels. objectSelector is evaluated against both the oldObject
and newObject that would be sent to the webhook, and is considered to match
if either object matches the selector. A null object (oldObject in the case
of create, or newObject in the case of delete) or an object that cannot
have labels (like a DeploymentRollback or a PodProxyOptions object) is not
considered to match. Use the object selector only if the webhook is opt-in,
because end users may skip the admission webhook by setting the labels.
Default to the empty LabelSelector, which matches everything.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
- reinvocationPolicy (string) reinvocationPolicy indicates whether this webhook should be called multiple
times as part of a single admission evaluation. Allowed values are "Never"
and "IfNeeded".
Never: the webhook will not be called more than once in a single admission
evaluation.
IfNeeded: the webhook will be called at least one additional time as part
of the admission evaluation if the object being admitted is modified by
other admission plugins after the initial webhook call. Webhooks that
specify this option *must* be idempotent, able to process objects they
previously admitted. Note: * the number of additional invocations is not
guaranteed to be exactly one. * if additional invocations result in further
modifications to the object, webhooks are not guaranteed to be invoked
again. * webhooks that use this option may be reordered to minimize the
number of additional invocations. * to validate an object after all
mutations are guaranteed complete, use a validating admission webhook
instead.
Defaults to "Never".
-
rules ([]Object) Rules describes what operations on what resources/subresources the webhook
cares about. The webhook cares about an operation if it matches _any_ Rule.
However, in order to prevent ValidatingAdmissionWebhooks and
MutatingAdmissionWebhooks from putting the cluster in a state which cannot
be recovered from without completely disabling the plugin,
ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
on admission requests for ValidatingWebhookConfiguration and
MutatingWebhookConfiguration objects.
RuleWithOperations is a tuple of Operations and Resources. It is
recommended to make sure that all the tuple expansions are valid.
- apiGroups ([]string) APIGroups is the API groups the resources belong to. '*' is all groups. If
'*' is present, the length of the slice must be one. Required.
- apiVersions ([]string) APIVersions is the API versions the resources belong to. '*' is all
versions. If '*' is present, the length of the slice must be one. Required.
- operations ([]string) Operations is the operations the admission hook cares about - CREATE,
UPDATE, DELETE, CONNECT or * for all of those operations and any future
admission operations that are added. If '*' is present, the length of the
slice must be one. Required.
- resources ([]string) Resources is a list of resources this rule applies to.
For example: 'pods' means pods. 'pods/log' means the log subresource of
pods. '*' means all resources, but not subresources. 'pods/*' means all
subresources of pods. '*/scale' means all scale subresources. '*/*' means
all resources and their subresources.
If wildcard is present, the validation rule will ensure resources do not
overlap with each other.
Depending on the enclosing object, subresources might not be allowed.
Required.
- scope (string) scope specifies the scope of this rule. Valid values are "Cluster",
"Namespaced", and "*" "Cluster" means that only cluster-scoped resources
will match this rule. Namespace API objects are cluster-scoped.
"Namespaced" means that only namespaced resources will match this rule. "*"
means that there are no scope restrictions. Subresources match the scope of
their parent resource. Default is "*".
-
- sideEffects (string) SideEffects states whether this webhook has side effects. Acceptable values
are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some
or Unknown). Webhooks with side effects MUST implement a reconciliation
system, since a request may be rejected by a future step in the admission
chain and the side effects therefore need to be undone. Requests with the
dryRun attribute will be auto-rejected if they match a webhook with
sideEffects == Unknown or Some.
- timeoutSeconds (integer) TimeoutSeconds specifies the timeout for this webhook. After the timeout
passes, the webhook call will be ignored or the API call will fail based on
the failure policy. The timeout value must be between 1 and 30 seconds.
Default to 10 seconds.
-
-
-
ValidatingWebhookConfiguration ValidatingWebhookConfiguration describes the configuration of and admission
webhook that accept or reject and object without changing it.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object metadata; More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
webhooks ([]Object) Webhooks is a list of webhooks and the affected resources and operations.
ValidatingWebhook describes an admission webhook and the resources and
operations it applies to.
- admissionReviewVersions ([]string) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
versions the Webhook expects. API server will try to use first version in
the list which it supports. If none of the versions specified in this list
supported by API server, validation will fail for this object. If a
persisted webhook configuration specifies allowed versions and does not
include any versions known to the API Server, calls to the webhook will
fail and be subject to the failure policy.
-
clientConfig (Object) ClientConfig defines how to communicate with the hook. Required
WebhookClientConfig contains the information to make a TLS connection with
the webhook
- caBundle (string) `caBundle` is a PEM encoded CA bundle which will be used to validate the
webhook's server certificate. If unspecified, system trust roots on the
apiserver are used.
-
service (Object) `service` is a reference to the service for this webhook. Either `service`
or `url` must be specified.
If the webhook is running within the cluster, then you should use
`service`.
ServiceReference holds a reference to Service.legacy.k8s.io
- name (string) `name` is the name of the service. Required
- namespace (string) `namespace` is the namespace of the service. Required
- path (string) `path` is an optional URL path which will be sent in any request to this
service.
- port (integer) If specified, the port on the service that hosting webhook. Default to 443
for backward compatibility. `port` should be a valid port number (1-65535,
inclusive).
-
- url (string) `url` gives the location of the webhook, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service` must be
specified.
The `host` should not refer to a service running in the cluster; use the
`service` field instead. The host might be resolved via external DNS in
some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as
that would be a layering violation). `host` may also be an IP address.
Please note that using `localhost` or `127.0.0.1` as a `host` is risky
unless you take great care to run this webhook on all hosts which run an
apiserver which might need to make calls to this webhook. Such installs are
likely to be non-portable, i.e., not easy to turn up in a new cluster.
The scheme must be "https"; the URL must begin with "https://".
A path is optional, and if present may be any string permissible in a URL.
You may use the path to pass an arbitrary string to the webhook, for
example, a cluster identifier.
Attempting to use a user or basic auth e.g. "user:password@" is not
allowed. Fragments ("#...") and query parameters ("?...") are not allowed,
either.
-
- failurePolicy (string) FailurePolicy defines how unrecognized errors from the admission endpoint
are handled - allowed values are Ignore or Fail. Defaults to Fail.
- matchPolicy (string) matchPolicy defines how the "rules" list is used to match incoming
requests. Allowed values are "Exact" or "Equivalent".
- Exact: match a request only if it exactly matches a specified rule. For
example, if deployments can be modified via apps/v1, apps/v1beta1, and
extensions/v1beta1, but "rules" only included `apiGroups:["apps"],
apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1
or extensions/v1beta1 would not be sent to the webhook.
- Equivalent: match a request if modifies a resource listed in rules, even
via another API group or version. For example, if deployments can be
modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules"
only included `apiGroups:["apps"], apiVersions:["v1"], resources:
["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be
converted to apps/v1 and sent to the webhook.
Defaults to "Equivalent"
- name (string) The name of the admission webhook. Name should be fully qualified, e.g.,
imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook,
and kubernetes.io is the name of the organization. Required.
-
namespaceSelector (Object) NamespaceSelector decides whether to run the webhook on an object based on
whether the namespace for that object matches the selector. If the object
itself is a namespace, the matching is performed on object.metadata.labels.
If the object is another cluster scoped resource, it never skips the
webhook.
For example, to run the webhook on any objects whose namespace is not
associated with "runlevel" of "0" or "1"; you will set the selector as
follows: "namespaceSelector": { "matchExpressions": [
{
"key": "runlevel",
"operator": "NotIn",
"values": [
"0",
"1"
]
}
] }
If instead you want to only run the webhook on any objects whose namespace
is associated with the "environment" of "prod" or "staging"; you will set
the selector as follows: "namespaceSelector": { "matchExpressions": [
{
"key": "environment",
"operator": "In",
"values": [
"prod",
"staging"
]
}
] }
See
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
for more examples of label selectors.
Default to the empty LabelSelector, which matches everything.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
objectSelector (Object) ObjectSelector decides whether to run the webhook based on if the object
has matching labels. objectSelector is evaluated against both the oldObject
and newObject that would be sent to the webhook, and is considered to match
if either object matches the selector. A null object (oldObject in the case
of create, or newObject in the case of delete) or an object that cannot
have labels (like a DeploymentRollback or a PodProxyOptions object) is not
considered to match. Use the object selector only if the webhook is opt-in,
because end users may skip the admission webhook by setting the labels.
Default to the empty LabelSelector, which matches everything.
A label selector is a label query over a set of resources. The result of
matchLabels and matchExpressions are ANDed. An empty label selector matches
all objects. A null label selector matches no objects.
-
matchExpressions ([]Object) matchExpressions is a list of label selector requirements. The requirements
are ANDed.
A label selector requirement is a selector that contains values, a key, and
an operator that relates the key and values.
- key (string) key is the label key that the selector applies to.
- operator (string) operator represents a key's relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
- values ([]string) values is an array of string values. If the operator is In or NotIn, the
values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
-
- matchLabels (map[string]string) matchLabels is a map of {key,value} pairs. A single {key,value} in the
matchLabels map is equivalent to an element of matchExpressions, whose key
field is "key", the operator is "In", and the values array contains only
"value". The requirements are ANDed.
-
-
rules ([]Object) Rules describes what operations on what resources/subresources the webhook
cares about. The webhook cares about an operation if it matches _any_ Rule.
However, in order to prevent ValidatingAdmissionWebhooks and
MutatingAdmissionWebhooks from putting the cluster in a state which cannot
be recovered from without completely disabling the plugin,
ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
on admission requests for ValidatingWebhookConfiguration and
MutatingWebhookConfiguration objects.
RuleWithOperations is a tuple of Operations and Resources. It is
recommended to make sure that all the tuple expansions are valid.
- apiGroups ([]string) APIGroups is the API groups the resources belong to. '*' is all groups. If
'*' is present, the length of the slice must be one. Required.
- apiVersions ([]string) APIVersions is the API versions the resources belong to. '*' is all
versions. If '*' is present, the length of the slice must be one. Required.
- operations ([]string) Operations is the operations the admission hook cares about - CREATE,
UPDATE, DELETE, CONNECT or * for all of those operations and any future
admission operations that are added. If '*' is present, the length of the
slice must be one. Required.
- resources ([]string) Resources is a list of resources this rule applies to.
For example: 'pods' means pods. 'pods/log' means the log subresource of
pods. '*' means all resources, but not subresources. 'pods/*' means all
subresources of pods. '*/scale' means all scale subresources. '*/*' means
all resources and their subresources.
If wildcard is present, the validation rule will ensure resources do not
overlap with each other.
Depending on the enclosing object, subresources might not be allowed.
Required.
- scope (string) scope specifies the scope of this rule. Valid values are "Cluster",
"Namespaced", and "*" "Cluster" means that only cluster-scoped resources
will match this rule. Namespace API objects are cluster-scoped.
"Namespaced" means that only namespaced resources will match this rule. "*"
means that there are no scope restrictions. Subresources match the scope of
their parent resource. Default is "*".
-
- sideEffects (string) SideEffects states whether this webhook has side effects. Acceptable values
are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some
or Unknown). Webhooks with side effects MUST implement a reconciliation
system, since a request may be rejected by a future step in the admission
chain and the side effects therefore need to be undone. Requests with the
dryRun attribute will be auto-rejected if they match a webhook with
sideEffects == Unknown or Some.
- timeoutSeconds (integer) TimeoutSeconds specifies the timeout for this webhook. After the timeout
passes, the webhook call will be ignored or the API call will fail based on
the failure policy. The timeout value must be between 1 and 30 seconds.
Default to 10 seconds.
-
-
Calico
-
BGPConfiguration BGPConfiguration contains the configuration for any BGP routing.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) BGPConfigurationSpec contains the values of the BGP configuration.
- asNumber (integer) ASNumber is the default AS number used by a node. [Default: 64512]
-
communities ([]Object) Communities is a list of BGP community values and their arbitrary names for
tagging routes.
Community contains standard or large community value and its name.
- name (string) Name given to community value.
- value (string) Value must be of format `aa:nn` or `aa:nn:mm`. For standard community use
`aa:nn` format, where `aa` and `nn` are 16 bit number. For large community
use `aa:nn:mm` format, where `aa`, `nn` and `mm` are 32 bit number. Where,
`aa` is an AS Number, `nn` and `mm` are per-AS identifier.
-
- listenPort (integer) ListenPort is the port where BGP protocol should listen. Defaults to 179
- logSeverityScreen (string) LogSeverityScreen is the log severity above which logs are sent to the
stdout. [Default: INFO]
- nodeToNodeMeshEnabled (boolean) NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled.
[Default: true]
-
prefixAdvertisements ([]Object) PrefixAdvertisements contains per-prefix advertisement configuration.
PrefixAdvertisement configures advertisement properties for the specified
CIDR.
- cidr (string) CIDR for which properties should be advertised.
- communities ([]string) Communities can be list of either community names already defined in
`Specs.Communities` or community value of format `aa:nn` or `aa:nn:mm`. For
standard community use `aa:nn` format, where `aa` and `nn` are 16 bit
number. For large community use `aa:nn:mm` format, where `aa`, `nn` and
`mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and `mm` are
per-AS identifier.
-
-
serviceClusterIPs ([]Object) ServiceClusterIPs are the CIDR blocks from which service cluster IPs are
allocated. If specified, Calico will advertise these blocks, as well as any
cluster IPs within them.
ServiceClusterIPBlock represents a single allowed ClusterIP CIDR block.
- cidr (string) (empty)
-
-
serviceExternalIPs ([]Object) ServiceExternalIPs are the CIDR blocks for Kubernetes Service External IPs.
Kubernetes Service ExternalIPs will only be advertised if they are within
one of these blocks.
ServiceExternalIPBlock represents a single allowed External IP CIDR block.
- cidr (string) (empty)
-
-
serviceLoadBalancerIPs ([]Object) ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes Service
LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress IPs will
only be advertised if they are within one of these blocks.
ServiceLoadBalancerIPBlock represents a single allowed LoadBalancer IP CIDR
block.
- cidr (string) (empty)
-
-
-
-
BGPPeer (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) BGPPeerSpec contains the specification for a BGPPeer resource.
- asNumber (integer) The AS Number of the peer.
- keepOriginalNextHop (boolean) Option to keep the original nexthop field when routes are sent to a BGP
Peer. Setting "true" configures the selected BGP Peers node to use the
"next hop keep;" instead of "next hop self;"(default) in the specific
branch of the Node on "bird.cfg".
- maxRestartTime (string) Time to allow for software restart. When specified, this is configured as
the graceful restart timeout. When not specified, the BIRD default of 120s
is used.
- node (string) The node name identifying the Calico node instance that is targeted by this
peer. If this is not set, and no nodeSelector is specified, then this BGP
peer selects all nodes in the cluster.
- nodeSelector (string) Selector for the nodes that should have this peering. When this is set, the
Node field must be empty.
-
password (Object) Optional BGP password for the peerings generated by this BGPPeer resource.
-
secretKeyRef (Object) Selects a key of a secret in the node pod's namespace.
- key (string) The key of the secret to select from. Must be a valid secret key.
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
- optional (boolean) Specify whether the Secret or its key must be defined
-
-
- peerIP (string) The IP address of the peer followed by an optional port number to peer
with. If port number is given, format should be `[(IPv6)]:port` or
`(IPv4):(port)` for IPv4. If optional port number is not set, and this peer
IP and ASNumber belongs to a calico/node with ListenPort set in
BGPConfiguration, then we use that port to peer.
- peerSelector (string) Selector for the remote nodes to peer with. When this is set, the PeerIP
and ASNumber fields must be empty. For each peering between the local node
and selected remote nodes, we configure an IPv4 peering if both ends have
NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have
NodeBGPSpec.IPv6Address specified. The remote AS number comes from the
remote node's NodeBGPSpec.ASNumber, or the global default if that is not
set.
- sourceAddress (string) Specifies whether and how to configure a source address for the peerings
generated by this BGPPeer resource. Default value "UseNodeIP" means to
configure the node IP as the source address. "None" means not to configure
a source address.
-
-
-
BlockAffinity (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) BlockAffinitySpec contains the specification for a BlockAffinity resource.
- cidr (string) (empty)
- deleted (string) Deleted indicates that this block affinity is being deleted. This field is
a string for compatibility with older releases that mistakenly treat this
field as a string.
- node (string) (empty)
- state (string) (empty)
-
-
-
CalicoNodeStatus (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
resource.
- classes ([]string) Classes declares the types of information to monitor for this calico/node,
and allows for selective status reporting about certain subsets of
information.
- node (string) The node name identifies the Calico node instance for node status.
- updatePeriodSeconds (integer) UpdatePeriodSeconds is the period at which CalicoNodeStatus should be
updated. Set to 0 to disable CalicoNodeStatus refresh. Maximum update
period is one day.
-
-
status (Object) CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus. No
validation needed for status since it is updated by Calico.
-
agent (Object) Agent holds agent status on the node.
-
birdV4 (Object) BIRDV4 represents the latest observed status of bird4.
- lastBootTime (string) LastBootTime holds the value of lastBootTime from bird.ctl output.
- lastReconfigurationTime (string) LastReconfigurationTime holds the value of lastReconfigTime from bird.ctl
output.
- routerID (string) Router ID used by bird.
- state (string) The state of the BGP Daemon.
- version (string) Version of the BGP daemon
-
-
birdV6 (Object) BIRDV6 represents the latest observed status of bird6.
- lastBootTime (string) LastBootTime holds the value of lastBootTime from bird.ctl output.
- lastReconfigurationTime (string) LastReconfigurationTime holds the value of lastReconfigTime from bird.ctl
output.
- routerID (string) Router ID used by bird.
- state (string) The state of the BGP Daemon.
- version (string) Version of the BGP daemon
-
-
-
bgp (Object) BGP holds node BGP status.
- numberEstablishedV4 (integer) The total number of IPv4 established bgp sessions.
- numberEstablishedV6 (integer) The total number of IPv6 established bgp sessions.
- numberNotEstablishedV4 (integer) The total number of IPv4 non-established bgp sessions.
- numberNotEstablishedV6 (integer) The total number of IPv6 non-established bgp sessions.
-
peersV4 ([]Object) PeersV4 represents IPv4 BGP peers status on the node.
CalicoNodePeer contains the status of BGP peers on the node.
- peerIP (string) IP address of the peer whose condition we are reporting.
- since (string) Since the state or reason last changed.
- state (string) State is the BGP session state.
- type (string) Type indicates whether this peer is configured via the node-to-node mesh,
or via en explicit global or per-node BGPPeer object.
-
-
peersV6 ([]Object) PeersV6 represents IPv6 BGP peers status on the node.
CalicoNodePeer contains the status of BGP peers on the node.
- peerIP (string) IP address of the peer whose condition we are reporting.
- since (string) Since the state or reason last changed.
- state (string) State is the BGP session state.
- type (string) Type indicates whether this peer is configured via the node-to-node mesh,
or via en explicit global or per-node BGPPeer object.
-
-
- lastUpdated () LastUpdated is a timestamp representing the server time when
CalicoNodeStatus object last updated. It is represented in RFC3339 form and
is in UTC.
-
routes (Object) Routes reports routes known to the Calico BGP daemon on the node.
-
routesV4 ([]Object) RoutesV4 represents IPv4 routes on the node.
CalicoNodeRoute contains the status of BGP routes on the node.
- destination (string) Destination of the route.
- gateway (string) Gateway for the destination.
- interface (string) Interface for the destination
-
learnedFrom (Object) LearnedFrom contains information regarding where this route originated.
- peerIP (string) If sourceType is NodeMesh or BGPPeer, IP address of the router that sent us
this route.
- sourceType (string) Type of the source where a route is learned from.
-
- type (string) Type indicates if the route is being used for forwarding or not.
-
-
routesV6 ([]Object) RoutesV6 represents IPv6 routes on the node.
CalicoNodeRoute contains the status of BGP routes on the node.
- destination (string) Destination of the route.
- gateway (string) Gateway for the destination.
- interface (string) Interface for the destination
-
learnedFrom (Object) LearnedFrom contains information regarding where this route originated.
- peerIP (string) If sourceType is NodeMesh or BGPPeer, IP address of the router that sent us
this route.
- sourceType (string) Type of the source where a route is learned from.
-
- type (string) Type indicates if the route is being used for forwarding or not.
-
-
-
-
-
ClusterInformation ClusterInformation contains the cluster specific information.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) ClusterInformationSpec contains the values of describing the cluster.
- calicoVersion (string) CalicoVersion is the version of Calico that the cluster is running
- clusterGUID (string) ClusterGUID is the GUID of the cluster
- clusterType (string) ClusterType describes the type of the cluster
- datastoreReady (boolean) DatastoreReady is used during significant datastore migrations to signal to
components such as Felix that it should wait before accessing the
datastore.
- variant (string) Variant declares which variant of Calico should be active.
-
-
-
FelixConfiguration Felix Configuration contains the configuration for Felix.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) FelixConfigurationSpec contains the values of the Felix configuration.
- allowIPIPPacketsFromWorkloads (boolean) AllowIPIPPacketsFromWorkloads controls whether Felix will add a rule to
drop IPIP encapsulated traffic from workloads [Default: false]
- allowVXLANPacketsFromWorkloads (boolean) AllowVXLANPacketsFromWorkloads controls whether Felix will add a rule to
drop VXLAN encapsulated traffic from workloads [Default: false]
- awsSrcDstCheck (string) Set source-destination-check on AWS EC2 instances. Accepted value must be
one of "DoNothing", "Enable" or "Disable". [Default: DoNothing]
- bpfConnectTimeLoadBalancingEnabled (boolean) BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix
installs the connection-time load balancer. The connect-time load balancer
is required for the host to be able to reach Kubernetes services and it
improves the performance of pod-to-service connections. The only reason to
disable it is for debugging purposes. [Default: true]
- bpfDataIfacePattern (string) BPFDataIfacePattern is a regular expression that controls which interfaces
Felix should attach BPF programs to in order to catch traffic to/from the
network. This needs to match the interfaces that Calico workload traffic
flows over as well as any interfaces that handle incoming traffic to
nodeports and services from outside the cluster. It should not match the
workload interfaces (usually named cali...).
- bpfDisableUnprivileged (boolean) BPFDisableUnprivileged, if enabled, Felix sets the
kernel.unprivileged_bpf_disabled sysctl to disable unprivileged use of BPF.
This ensures that unprivileged users cannot access Calico's BPF maps and
cannot insert their own BPF programs to interfere with Calico's. [Default:
true]
- bpfEnabled (boolean) BPFEnabled, if enabled Felix will use the BPF dataplane. [Default: false]
- bpfExtToServiceConnmark (integer) BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on
connections from an external client to a local service. This mark allows us
to control how packets of that connection are routed within the host and
how is routing intepreted by RPF check. [Default: 0]
- bpfExternalServiceMode (string) BPFExternalServiceMode in BPF mode, controls how connections from outside
the cluster to services (node ports and cluster IPs) are forwarded to
remote workloads. If set to "Tunnel" then both request and response traffic
is tunneled to the remote node. If set to "DSR", the request traffic is
tunneled but the response traffic is sent directly from the remote node. In
"DSR" mode, the remote node appears to use the IP of the ingress node; this
requires a permissive L2 network. [Default: Tunnel]
- bpfKubeProxyEndpointSlicesEnabled (boolean) BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls whether Felix's
embedded kube-proxy accepts EndpointSlices or not.
- bpfKubeProxyIptablesCleanupEnabled (boolean) BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF mode, Felix will
proactively clean up the upstream Kubernetes kube-proxy's iptables chains.
Should only be enabled if kube-proxy is not running. [Default: true]
- bpfKubeProxyMinSyncPeriod (string) BPFKubeProxyMinSyncPeriod, in BPF mode, controls the minimum time between
updates to the dataplane for Felix's embedded kube-proxy. Lower values give
reduced set-up latency. Higher values reduce Felix CPU usage by batching up
more work. [Default: 1s]
- bpfLogLevel (string) BPFLogLevel controls the log level of the BPF programs when in BPF
dataplane mode. One of "Off", "Info", or "Debug". The logs are emitted to
the BPF trace pipe, accessible with the command `tc exec bpf debug`.
[Default: Off].
- chainInsertMode (string) ChainInsertMode controls whether Felix hooks the kernel's top-level
iptables chains by inserting a rule at the top of the chain or by appending
a rule at the bottom. insert is the safe default since it prevents Calico's
rules from being bypassed. If you switch to append mode, be sure that the
other rules in the chains signal acceptance by falling through to the
Calico rules, otherwise the Calico policy will be bypassed. [Default:
insert]
- dataplaneDriver (string) (empty)
- debugDisableLogDropping (boolean) (empty)
- debugMemoryProfilePath (string) (empty)
- debugSimulateCalcGraphHangAfter (string) (empty)
- debugSimulateDataplaneHangAfter (string) (empty)
- defaultEndpointToHostAction (string) DefaultEndpointToHostAction controls what happens to traffic that goes from
a workload endpoint to the host itself (after the traffic hits the endpoint
egress policy). By default Calico blocks traffic from workload endpoints to
the host itself with an iptables "DROP" action. If you want to allow some
or all traffic from endpoint to host, set this parameter to RETURN or
ACCEPT. Use RETURN if you have your own rules in the iptables "INPUT"
chain; Calico will insert its rules at the top of that chain, then "RETURN"
packets to the "INPUT" chain once it has completed processing workload
endpoint egress policy. Use ACCEPT to unconditionally accept packets from
workloads after processing workload endpoint egress policy. [Default: Drop]
- deviceRouteProtocol (integer) This defines the route protocol added to programmed device routes, by
default this will be RTPROT_BOOT when left blank.
- deviceRouteSourceAddress (string) This is the source address to use on programmed device routes. By default
the source address is left blank, leaving the kernel to choose the source
address used.
- disableConntrackInvalidCheck (boolean) (empty)
- endpointReportingDelay (string) (empty)
- endpointReportingEnabled (boolean) (empty)
- externalNodesList ([]string) ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes
which may source tunnel traffic and have the tunneled traffic be accepted
at calico nodes.
-
failsafeInboundHostPorts ([]Object) FailsafeInboundHostPorts is a list of UDP/TCP ports and CIDRs that Felix
will allow incoming traffic to host endpoints on irrespective of the
security policy. This is useful to avoid accidentally cutting off a host
with incorrect configuration. For back-compatibility, if the protocol is
not specified, it defaults to "tcp". If a CIDR is not specified, it will
allow traffic from all addresses. To disable all inbound host ports, use
the value none. The default value allows ssh access and DHCP. [Default:
tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]
ProtoPort is combination of protocol, port, and CIDR. Protocol and port
must be specified.
- net (string) (empty)
- port (integer) (empty)
- protocol (string) (empty)
-
-
failsafeOutboundHostPorts ([]Object) FailsafeOutboundHostPorts is a list of UDP/TCP ports and CIDRs that Felix
will allow outgoing traffic from host endpoints to irrespective of the
security policy. This is useful to avoid accidentally cutting off a host
with incorrect configuration. For back-compatibility, if the protocol is
not specified, it defaults to "tcp". If a CIDR is not specified, it will
allow traffic from all addresses. To disable all outbound host ports, use
the value none. The default value opens etcd's standard ports to ensure
that Felix does not get cut off from etcd as well as allowing DHCP and DNS.
[Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667,
udp:53, udp:67]
ProtoPort is combination of protocol, port, and CIDR. Protocol and port
must be specified.
- net (string) (empty)
- port (integer) (empty)
- protocol (string) (empty)
-
- featureDetectOverride (string) FeatureDetectOverride is used to override the feature detection. Values are
specified in a comma separated list with no spaces, example;
"SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
or "false" will force the feature, empty or omitted values are
auto-detected.
- genericXDPEnabled (boolean) GenericXDPEnabled enables Generic XDP so network cards that don't support
XDP offload or driver modes can use XDP. This is not recommended since it
doesn't provide better performance than iptables. [Default: false]
- healthEnabled (boolean) (empty)
- healthHost (string) (empty)
- healthPort (integer) (empty)
- interfaceExclude (string) InterfaceExclude is a comma-separated list of interfaces that Felix should
exclude when monitoring for host endpoints. The default value ensures that
Felix ignores Kubernetes' IPVS dummy interface, which is used internally by
kube-proxy. If you want to exclude multiple interface names using a single
value, the list supports regular expressions. For regular expressions you
must wrap the value with '/'. For example having values '/^kube/,veth1'
will exclude all interfaces that begin with 'kube' and also the interface
'veth1'. [Default: kube-ipvs0]
- interfacePrefix (string) InterfacePrefix is the interface name prefix that identifies workload
endpoints and so distinguishes them from host endpoint interfaces. Note: in
environments other than bare metal, the orchestrators configure this
appropriately. For example our Kubernetes and Docker integrations set the
'cali' value, and our OpenStack integration sets the 'tap' value. [Default:
cali]
- interfaceRefreshInterval (string) InterfaceRefreshInterval is the period at which Felix rescans local
interfaces to verify their state. The rescan can be disabled by setting the
interval to 0.
- ipipEnabled (boolean) (empty)
- ipipMTU (integer) IPIPMTU is the MTU to set on the tunnel device. See Configuring MTU
[Default: 1440]
- ipsetsRefreshInterval (string) IpsetsRefreshInterval is the period at which Felix re-checks all iptables
state to ensure that no other process has accidentally broken Calico's
rules. Set to 0 to disable iptables refresh. [Default: 90s]
- iptablesBackend (string) IptablesBackend specifies which backend of iptables will be used. The
default is legacy.
- iptablesFilterAllowAction (string) (empty)
- iptablesLockFilePath (string) IptablesLockFilePath is the location of the iptables lock file. You may
need to change this if the lock file is not in its standard location (for
example if you have mapped it into Felix's container at a different path).
[Default: /run/xtables.lock]
- iptablesLockProbeInterval (string) IptablesLockProbeInterval is the time that Felix will wait between attempts
to acquire the iptables lock if it is not available. Lower values make
Felix more responsive when the lock is contended, but use more CPU.
[Default: 50ms]
- iptablesLockTimeout (string) IptablesLockTimeout is the time that Felix will wait for the iptables lock,
or 0, to disable. To use this feature, Felix must share the iptables lock
file with all other processes that also take the lock. When running Felix
inside a container, this requires the /run directory of the host to be
mounted into the calico/node or calico/felix container. [Default: 0s
disabled]
- iptablesMangleAllowAction (string) (empty)
- iptablesMarkMask (integer) IptablesMarkMask is the mask that Felix selects its IPTables Mark bits
from. Should be a 32 bit hexadecimal number with at least 8 bits set, none
of which clash with any other mark bits in use on the system. [Default:
0xff000000]
- iptablesNATOutgoingInterfaceFilter (string) (empty)
- iptablesPostWriteCheckInterval (string) IptablesPostWriteCheckInterval is the period after Felix has done a write
to the dataplane that it schedules an extra read back in order to check the
write was not clobbered by another process. This should only occur if
another application on the system doesn't respect the iptables lock.
[Default: 1s]
- iptablesRefreshInterval (string) IptablesRefreshInterval is the period at which Felix re-checks the IP sets
in the dataplane to ensure that no other process has accidentally broken
Calico's rules. Set to 0 to disable IP sets refresh. Note: the default for
this value is lower than the other refresh intervals as a workaround for a
Linux kernel bug that was fixed in kernel version 4.11. If you are using
v4.11 or greater you may want to set this to, a higher value to reduce
Felix CPU usage. [Default: 10s]
- ipv6Support (boolean) (empty)
- kubeNodePortRanges ([]) KubeNodePortRanges holds list of port ranges used for service node ports.
Only used if felix detects kube-proxy running in ipvs mode. Felix uses
these ranges to separate host and workload traffic. [Default: 30000:32767].
- logFilePath (string) LogFilePath is the full path to the Felix log. Set to none to disable file
logging. [Default: /var/log/calico/felix.log]
- logPrefix (string) LogPrefix is the log prefix that Felix uses when rendering LOG rules.
[Default: calico-packet]
- logSeverityFile (string) LogSeverityFile is the log severity above which logs are sent to the log
file. [Default: Info]
- logSeverityScreen (string) LogSeverityScreen is the log severity above which logs are sent to the
stdout. [Default: Info]
- logSeveritySys (string) LogSeveritySys is the log severity above which logs are sent to the syslog.
Set to None for no logging to syslog. [Default: Info]
- maxIpsetSize (integer) (empty)
- metadataAddr (string) MetadataAddr is the IP address or domain name of the server that can answer
VM queries for cloud-init metadata. In OpenStack, this corresponds to the
machine running nova-api (or in Ubuntu, nova-api-metadata). A value of none
(case insensitive) means that Felix should not set up any NAT rule for the
metadata path. [Default: 127.0.0.1]
- metadataPort (integer) MetadataPort is the port of the metadata server. This, combined with
global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from
169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should
not need to be changed [Default: 8775].
- mtuIfacePattern (string) MTUIfacePattern is a regular expression that controls which interfaces
Felix should scan in order to calculate the host's MTU. This should not
match workload interfaces (usually named cali...).
- natOutgoingAddress (string) NATOutgoingAddress specifies an address to use when performing source NAT
for traffic in a natOutgoing pool that is leaving the network. By default
the address used is an address on the interface the traffic is leaving on
(ie it uses the iptables MASQUERADE target)
- natPortRange () NATPortRange specifies the range of ports that is used for port mapping
when doing outgoing NAT. When unset the default behavior of the network
stack is used.
- netlinkTimeout (string) (empty)
- openstackRegion (string) OpenstackRegion is the name of the region that a particular Felix belongs
to. In a multi-region Calico/OpenStack deployment, this must be configured
somehow for each Felix (here in the datamodel, or in felix.cfg or the
environment on each compute node), and must match the [calico]
openstack_region value configured in neutron.conf on each node. [Default:
Empty]
- policySyncPathPrefix (string) PolicySyncPathPrefix is used to by Felix to communicate policy changes to
external services, like Application layer policy. [Default: Empty]
- prometheusGoMetricsEnabled (boolean) PrometheusGoMetricsEnabled disables Go runtime metrics collection, which
the Prometheus client does by default, when set to false. This reduces the
number of metrics reported, reducing Prometheus load. [Default: true]
- prometheusMetricsEnabled (boolean) PrometheusMetricsEnabled enables the Prometheus metrics server in Felix if
set to true. [Default: false]
- prometheusMetricsHost (string) PrometheusMetricsHost is the host that the Prometheus metrics server should
bind to. [Default: empty]
- prometheusMetricsPort (integer) PrometheusMetricsPort is the TCP port that the Prometheus metrics server
should bind to. [Default: 9091]
- prometheusProcessMetricsEnabled (boolean) PrometheusProcessMetricsEnabled disables process metrics collection, which
the Prometheus client does by default, when set to false. This reduces the
number of metrics reported, reducing Prometheus load. [Default: true]
- prometheusWireGuardMetricsEnabled (boolean) PrometheusWireGuardMetricsEnabled disables wireguard metrics collection,
which the Prometheus client does by default, when set to false. This
reduces the number of metrics reported, reducing Prometheus load. [Default:
true]
- removeExternalRoutes (boolean) Whether or not to remove device routes that have not been programmed by
Felix. Disabling this will allow external applications to also add device
routes. This is enabled by default which means we will remove externally
added routes.
- reportingInterval (string) ReportingInterval is the interval at which Felix reports its status into
the datastore or 0 to disable. Must be non-zero in OpenStack deployments.
[Default: 30s]
- reportingTTL (string) ReportingTTL is the time-to-live setting for process-wide status reports.
[Default: 90s]
- routeRefreshInterval (string) RouteRefreshInterval is the period at which Felix re-checks the routes in
the dataplane to ensure that no other process has accidentally broken
Calico's rules. Set to 0 to disable route refresh. [Default: 90s]
- routeSource (string) RouteSource configures where Felix gets its routing information. -
WorkloadIPs: use workload endpoints to construct routes. - CalicoIPAM: the
default - use IPAM data to construct routes.
-
routeTableRange (Object) Calico programs additional Linux route tables for various purposes.
RouteTableRange specifies the indices of the route tables that Calico
should use.
- max (integer) (empty)
- min (integer) (empty)
-
- serviceLoopPrevention (string) When service IP advertisement is enabled, prevent routing loops to service
IPs that are not in use, by dropping or rejecting packets that do not get
DNAT'd by kube-proxy. Unless set to "Disabled", in which case such routing
loops continue to be allowed. [Default: Drop]
- sidecarAccelerationEnabled (boolean) SidecarAccelerationEnabled enables experimental sidecar acceleration
[Default: false]
- usageReportingEnabled (boolean) UsageReportingEnabled reports anonymous Calico version number and cluster
size to projectcalico.org. Logs warnings returned by the usage server. For
example, if a significant security vulnerability has been discovered in the
version of Calico being used. [Default: true]
- usageReportingInitialDelay (string) UsageReportingInitialDelay controls the minimum delay before Felix makes a
report. [Default: 300s]
- usageReportingInterval (string) UsageReportingInterval controls the interval at which Felix makes reports.
[Default: 86400s]
- useInternalDataplaneDriver (boolean) (empty)
- vxlanEnabled (boolean) (empty)
- vxlanMTU (integer) VXLANMTU is the MTU to set on the tunnel device. See Configuring MTU
[Default: 1440]
- vxlanPort (integer) (empty)
- vxlanVNI (integer) (empty)
- wireguardEnabled (boolean) WireguardEnabled controls whether Wireguard is enabled. [Default: false]
- wireguardHostEncryptionEnabled (boolean) WireguardHostEncryptionEnabled controls whether Wireguard host-to-host
encryption is enabled. [Default: false]
- wireguardInterfaceName (string) WireguardInterfaceName specifies the name to use for the Wireguard
interface. [Default: wg.calico]
- wireguardListeningPort (integer) WireguardListeningPort controls the listening port used by Wireguard.
[Default: 51820]
- wireguardMTU (integer) WireguardMTU controls the MTU on the Wireguard interface. See Configuring
MTU [Default: 1420]
- wireguardRoutingRulePriority (integer) WireguardRoutingRulePriority controls the priority value to use for the
Wireguard routing rule. [Default: 99]
- xdpEnabled (boolean) XDPEnabled enables XDP acceleration for suitable untracked incoming deny
rules. [Default: true]
- xdpRefreshInterval (string) XDPRefreshInterval is the period at which Felix re-checks all XDP state to
ensure that no other process has accidentally broken Calico's BPF maps or
attached programs. Set to 0 to disable XDP refresh. [Default: 90s]
-
-
-
GlobalNetworkPolicy (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) (empty)
- applyOnForward (boolean) ApplyOnForward indicates to apply the rules in this policy on forward
traffic.
- doNotTrack (boolean) DoNotTrack indicates whether packets matched by the rules in this policy
should go through the data plane's connection tracking, such as Linux
conntrack. If True, the rules in this policy are applied before any data
plane connection tracking, and packets allowed by this policy are marked as
not to be tracked.
-
egress ([]Object) The ordered set of egress rules. Each rule contains a set of packet match
criteria and a corresponding action to apply.
A Rule encapsulates a set of match criteria and an action. Both
selector-based security Policy and security Profiles reference rules -
separated out as a list of rules for both ingress and egress packet
matching. Each positive match criteria has a negated version, prefixed with
"Not". All the match criteria within a rule must be satisfied for a packet
to match. A single rule can contain the positive and negative version of a
match and both must be satisfied for the rule to match.
- action (string) (empty)
-
destination (Object) Destination contains the match criteria that apply to destination entity.
- namespaceSelector (string) NamespaceSelector is an optional field that contains a selector expression.
Only traffic that originates from (or terminates at) endpoints within the
selected namespaces will be matched. When both NamespaceSelector and
another selector are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the rule. For
NetworkPolicy, an empty NamespaceSelector implies that the Selector is
limited to selecting only workload endpoints in the same namespace as the
NetworkPolicy. For NetworkPolicy, `global()` NamespaceSelector implies that
the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint.
For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector
applies to workload endpoints across all namespaces.
- nets ([]string) Nets is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) IP addresses in any of the given
subnets.
- notNets ([]string) NotNets is the negated version of the Nets field.
- notPorts ([]) NotPorts is the negated version of the Ports field. Since only some
protocols have ports, if any ports are specified it requires the Protocol
match in the Rule to be set to "TCP" or "UDP".
- notSelector (string) NotSelector is the negated version of the Selector field. See Selector
field for subtleties with negated selectors.
- ports ([]) Ports is an optional field that restricts the rule to only apply to traffic
that has a source (destination) port that matches one of these
ranges/values. This value is a list of integers or strings that represent
ranges of ports. Since only some protocols have ports, if any ports are
specified it requires the Protocol match in the Rule to be set to "TCP" or
"UDP".
- selector (string) Selector is an optional field that contains a selector expression (see
Policy for sample syntax). Only traffic that originates from (terminates
at) endpoints matching the selector will be matched. Note that: in addition
to the negated version of the Selector (see NotSelector below), the
selector expression syntax itself supports negation. The two types of
negation are subtly different. One negates the set of matched endpoints,
the other negates the whole match:
Selector = "!has(my_label)" matches packets that are from other
Calico-controlled endpoints that do not have the label "my_label".
NotSelector = "has(my_label)" matches packets that are not from
Calico-controlled endpoints that do have the label "my_label". The effect
is that the latter will accept packets from non-Calico sources whereas the
former is limited to packets from Calico-controlled endpoints.
-
serviceAccounts (Object) ServiceAccounts is an optional field that restricts the rule to only apply
to traffic that originates from (or terminates at) a pod running as a
matching service account.
- names ([]string) Names is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) a pod running as a service account
whose name is in the list.
- selector (string) Selector is an optional field that restricts the rule to only apply to
traffic that originates from (or terminates at) a pod running as a service
account that matches the given label selector. If both Names and Selector
are specified then they are AND'ed.
-
-
services (Object) Services is an optional field that contains options for matching Kubernetes
Services. If specified, only traffic that originates from or terminates at
endpoints within the selected service(s) will be matched, and only to/from
each endpoint's port. Services cannot be specified on the same rule as
Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts.
Ports and NotPorts can only be specified with Services on ingress rules.
- name (string) Name specifies the name of a Kubernetes Service to match.
- namespace (string) Namespace specifies the namespace of the given Service. If left empty, the
rule will match within this policy's namespace.
-
-
-
http (Object) HTTP contains match criteria that apply to HTTP requests.
- methods ([]string) Methods is an optional field that restricts the rule to apply only to HTTP
requests that use one of the listed HTTP Methods (e.g. GET, PUT, etc.)
Multiple methods are OR'd together.
-
paths ([]Object) Paths is an optional field that restricts the rule to apply to HTTP
requests that use one of the listed HTTP Paths. Multiple paths are OR'd
together. e.g: - exact: /foo - prefix: /bar NOTE: Each entry may ONLY
specify either a `exact` or a `prefix` match. The validator will check for
it.
HTTPPath specifies an HTTP path to match. It may be either of the form:
exact: (path): which matches the path exactly or prefix: (path-prefix):
which matches the path prefix
- exact (string) (empty)
- prefix (string) (empty)
-
-
-
icmp (Object) ICMP is an optional field that restricts the rule to apply to a specific
type and code of ICMP traffic. This should only be specified if the
Protocol field is set to "ICMP" or "ICMPv6".
- code (integer) Match on a specific ICMP code. If specified, the Type value must also be
specified. This is a technical limitation imposed by the kernel's iptables
firewall, which Calico uses to enforce the rule.
- type (integer) Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo
Request (i.e. pings).
-
- ipVersion (integer) IPVersion is an optional field that restricts the rule to only match a
specific IP version.
-
metadata (Object) Metadata contains additional information for this rule
- annotations (map[string]string) Annotations is a set of key value pairs that give extra information about
the rule
-
-
notICMP (Object) NotICMP is the negated version of the ICMP field.
- code (integer) Match on a specific ICMP code. If specified, the Type value must also be
specified. This is a technical limitation imposed by the kernel's iptables
firewall, which Calico uses to enforce the rule.
- type (integer) Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo
Request (i.e. pings).
-
- notProtocol () NotProtocol is the negated version of the Protocol field.
- protocol () Protocol is an optional field that restricts the rule to only apply to
traffic of a specific IP protocol. Required if any of the EntityRules
contain Ports (because ports only apply to certain protocols). Must be one
of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
or an integer in the range 1-255.
-
source (Object) Source contains the match criteria that apply to source entity.
- namespaceSelector (string) NamespaceSelector is an optional field that contains a selector expression.
Only traffic that originates from (or terminates at) endpoints within the
selected namespaces will be matched. When both NamespaceSelector and
another selector are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the rule. For
NetworkPolicy, an empty NamespaceSelector implies that the Selector is
limited to selecting only workload endpoints in the same namespace as the
NetworkPolicy. For NetworkPolicy, `global()` NamespaceSelector implies that
the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint.
For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector
applies to workload endpoints across all namespaces.
- nets ([]string) Nets is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) IP addresses in any of the given
subnets.
- notNets ([]string) NotNets is the negated version of the Nets field.
- notPorts ([]) NotPorts is the negated version of the Ports field. Since only some
protocols have ports, if any ports are specified it requires the Protocol
match in the Rule to be set to "TCP" or "UDP".
- notSelector (string) NotSelector is the negated version of the Selector field. See Selector
field for subtleties with negated selectors.
- ports ([]) Ports is an optional field that restricts the rule to only apply to traffic
that has a source (destination) port that matches one of these
ranges/values. This value is a list of integers or strings that represent
ranges of ports. Since only some protocols have ports, if any ports are
specified it requires the Protocol match in the Rule to be set to "TCP" or
"UDP".
- selector (string) Selector is an optional field that contains a selector expression (see
Policy for sample syntax). Only traffic that originates from (terminates
at) endpoints matching the selector will be matched. Note that: in addition
to the negated version of the Selector (see NotSelector below), the
selector expression syntax itself supports negation. The two types of
negation are subtly different. One negates the set of matched endpoints,
the other negates the whole match:
Selector = "!has(my_label)" matches packets that are from other
Calico-controlled endpoints that do not have the label "my_label".
NotSelector = "has(my_label)" matches packets that are not from
Calico-controlled endpoints that do have the label "my_label". The effect
is that the latter will accept packets from non-Calico sources whereas the
former is limited to packets from Calico-controlled endpoints.
-
serviceAccounts (Object) ServiceAccounts is an optional field that restricts the rule to only apply
to traffic that originates from (or terminates at) a pod running as a
matching service account.
- names ([]string) Names is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) a pod running as a service account
whose name is in the list.
- selector (string) Selector is an optional field that restricts the rule to only apply to
traffic that originates from (or terminates at) a pod running as a service
account that matches the given label selector. If both Names and Selector
are specified then they are AND'ed.
-
-
services (Object) Services is an optional field that contains options for matching Kubernetes
Services. If specified, only traffic that originates from or terminates at
endpoints within the selected service(s) will be matched, and only to/from
each endpoint's port. Services cannot be specified on the same rule as
Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts.
Ports and NotPorts can only be specified with Services on ingress rules.
- name (string) Name specifies the name of a Kubernetes Service to match.
- namespace (string) Namespace specifies the namespace of the given Service. If left empty, the
rule will match within this policy's namespace.
-
-
-
-
ingress ([]Object) The ordered set of ingress rules. Each rule contains a set of packet match
criteria and a corresponding action to apply.
A Rule encapsulates a set of match criteria and an action. Both
selector-based security Policy and security Profiles reference rules -
separated out as a list of rules for both ingress and egress packet
matching. Each positive match criteria has a negated version, prefixed with
"Not". All the match criteria within a rule must be satisfied for a packet
to match. A single rule can contain the positive and negative version of a
match and both must be satisfied for the rule to match.
- action (string) (empty)
-
destination (Object) Destination contains the match criteria that apply to destination entity.
- namespaceSelector (string) NamespaceSelector is an optional field that contains a selector expression.
Only traffic that originates from (or terminates at) endpoints within the
selected namespaces will be matched. When both NamespaceSelector and
another selector are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the rule. For
NetworkPolicy, an empty NamespaceSelector implies that the Selector is
limited to selecting only workload endpoints in the same namespace as the
NetworkPolicy. For NetworkPolicy, `global()` NamespaceSelector implies that
the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint.
For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector
applies to workload endpoints across all namespaces.
- nets ([]string) Nets is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) IP addresses in any of the given
subnets.
- notNets ([]string) NotNets is the negated version of the Nets field.
- notPorts ([]) NotPorts is the negated version of the Ports field. Since only some
protocols have ports, if any ports are specified it requires the Protocol
match in the Rule to be set to "TCP" or "UDP".
- notSelector (string) NotSelector is the negated version of the Selector field. See Selector
field for subtleties with negated selectors.
- ports ([]) Ports is an optional field that restricts the rule to only apply to traffic
that has a source (destination) port that matches one of these
ranges/values. This value is a list of integers or strings that represent
ranges of ports. Since only some protocols have ports, if any ports are
specified it requires the Protocol match in the Rule to be set to "TCP" or
"UDP".
- selector (string) Selector is an optional field that contains a selector expression (see
Policy for sample syntax). Only traffic that originates from (terminates
at) endpoints matching the selector will be matched. Note that: in addition
to the negated version of the Selector (see NotSelector below), the
selector expression syntax itself supports negation. The two types of
negation are subtly different. One negates the set of matched endpoints,
the other negates the whole match:
Selector = "!has(my_label)" matches packets that are from other
Calico-controlled endpoints that do not have the label "my_label".
NotSelector = "has(my_label)" matches packets that are not from
Calico-controlled endpoints that do have the label "my_label". The effect
is that the latter will accept packets from non-Calico sources whereas the
former is limited to packets from Calico-controlled endpoints.
-
serviceAccounts (Object) ServiceAccounts is an optional field that restricts the rule to only apply
to traffic that originates from (or terminates at) a pod running as a
matching service account.
- names ([]string) Names is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) a pod running as a service account
whose name is in the list.
- selector (string) Selector is an optional field that restricts the rule to only apply to
traffic that originates from (or terminates at) a pod running as a service
account that matches the given label selector. If both Names and Selector
are specified then they are AND'ed.
-
-
services (Object) Services is an optional field that contains options for matching Kubernetes
Services. If specified, only traffic that originates from or terminates at
endpoints within the selected service(s) will be matched, and only to/from
each endpoint's port. Services cannot be specified on the same rule as
Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts.
Ports and NotPorts can only be specified with Services on ingress rules.
- name (string) Name specifies the name of a Kubernetes Service to match.
- namespace (string) Namespace specifies the namespace of the given Service. If left empty, the
rule will match within this policy's namespace.
-
-
-
http (Object) HTTP contains match criteria that apply to HTTP requests.
- methods ([]string) Methods is an optional field that restricts the rule to apply only to HTTP
requests that use one of the listed HTTP Methods (e.g. GET, PUT, etc.)
Multiple methods are OR'd together.
-
paths ([]Object) Paths is an optional field that restricts the rule to apply to HTTP
requests that use one of the listed HTTP Paths. Multiple paths are OR'd
together. e.g: - exact: /foo - prefix: /bar NOTE: Each entry may ONLY
specify either a `exact` or a `prefix` match. The validator will check for
it.
HTTPPath specifies an HTTP path to match. It may be either of the form:
exact: (path): which matches the path exactly or prefix: (path-prefix):
which matches the path prefix
- exact (string) (empty)
- prefix (string) (empty)
-
-
-
icmp (Object) ICMP is an optional field that restricts the rule to apply to a specific
type and code of ICMP traffic. This should only be specified if the
Protocol field is set to "ICMP" or "ICMPv6".
- code (integer) Match on a specific ICMP code. If specified, the Type value must also be
specified. This is a technical limitation imposed by the kernel's iptables
firewall, which Calico uses to enforce the rule.
- type (integer) Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo
Request (i.e. pings).
-
- ipVersion (integer) IPVersion is an optional field that restricts the rule to only match a
specific IP version.
-
metadata (Object) Metadata contains additional information for this rule
- annotations (map[string]string) Annotations is a set of key value pairs that give extra information about
the rule
-
-
notICMP (Object) NotICMP is the negated version of the ICMP field.
- code (integer) Match on a specific ICMP code. If specified, the Type value must also be
specified. This is a technical limitation imposed by the kernel's iptables
firewall, which Calico uses to enforce the rule.
- type (integer) Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo
Request (i.e. pings).
-
- notProtocol () NotProtocol is the negated version of the Protocol field.
- protocol () Protocol is an optional field that restricts the rule to only apply to
traffic of a specific IP protocol. Required if any of the EntityRules
contain Ports (because ports only apply to certain protocols). Must be one
of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
or an integer in the range 1-255.
-
source (Object) Source contains the match criteria that apply to source entity.
- namespaceSelector (string) NamespaceSelector is an optional field that contains a selector expression.
Only traffic that originates from (or terminates at) endpoints within the
selected namespaces will be matched. When both NamespaceSelector and
another selector are defined on the same rule, then only workload endpoints
that are matched by both selectors will be selected by the rule. For
NetworkPolicy, an empty NamespaceSelector implies that the Selector is
limited to selecting only workload endpoints in the same namespace as the
NetworkPolicy. For NetworkPolicy, `global()` NamespaceSelector implies that
the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint.
For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector
applies to workload endpoints across all namespaces.
- nets ([]string) Nets is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) IP addresses in any of the given
subnets.
- notNets ([]string) NotNets is the negated version of the Nets field.
- notPorts ([]) NotPorts is the negated version of the Ports field. Since only some
protocols have ports, if any ports are specified it requires the Protocol
match in the Rule to be set to "TCP" or "UDP".
- notSelector (string) NotSelector is the negated version of the Selector field. See Selector
field for subtleties with negated selectors.
- ports ([]) Ports is an optional field that restricts the rule to only apply to traffic
that has a source (destination) port that matches one of these
ranges/values. This value is a list of integers or strings that represent
ranges of ports. Since only some protocols have ports, if any ports are
specified it requires the Protocol match in the Rule to be set to "TCP" or
"UDP".
- selector (string) Selector is an optional field that contains a selector expression (see
Policy for sample syntax). Only traffic that originates from (terminates
at) endpoints matching the selector will be matched. Note that: in addition
to the negated version of the Selector (see NotSelector below), the
selector expression syntax itself supports negation. The two types of
negation are subtly different. One negates the set of matched endpoints,
the other negates the whole match:
Selector = "!has(my_label)" matches packets that are from other
Calico-controlled endpoints that do not have the label "my_label".
NotSelector = "has(my_label)" matches packets that are not from
Calico-controlled endpoints that do have the label "my_label". The effect
is that the latter will accept packets from non-Calico sources whereas the
former is limited to packets from Calico-controlled endpoints.
-
serviceAccounts (Object) ServiceAccounts is an optional field that restricts the rule to only apply
to traffic that originates from (or terminates at) a pod running as a
matching service account.
- names ([]string) Names is an optional field that restricts the rule to only apply to traffic
that originates from (or terminates at) a pod running as a service account
whose name is in the list.
- selector (string) Selector is an optional field that restricts the rule to only apply to
traffic that originates from (or terminates at) a pod running as a service
account that matches the given label selector. If both Names and Selector
are specified then they are AND'ed.
-
-
services (Object) Services is an optional field that contains options for matching Kubernetes
Services. If specified, only traffic that originates from or terminates at
endpoints within the selected service(s) will be matched, and only to/from
each endpoint's port. Services cannot be specified on the same rule as
Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts.
Ports and NotPorts can only be specified with Services on ingress rules.
- name (string) Name specifies the name of a Kubernetes Service to match.
- namespace (string) Namespace specifies the namespace of the given Service. If left empty, the
rule will match within this policy's namespace.
-
-
-
- namespaceSelector (string) NamespaceSelector is an optional field for an expression used to select a
pod based on namespaces.
- order (number) Order is an optional field that specifies the order in which the policy is
applied. Policies with higher "order" are applied after those with lower
order. If the order is omitted, it may be considered to be "infinite" -
i.e. the policy will be applied last. Policies with identical order will be
applied in alphanumerical order based on the Policy "Name".
- preDNAT (boolean) PreDNAT indicates to apply the rules in this policy before any DNAT.
- selector (string) The selector is an expression used to pick pick out the endpoints that the
policy should be applied to. Selector expressions follow this syntax:
label == "string_literal" -) comparison, e.g. my_label == "foo bar" label
!= "string_literal" -) not equal; also matches if label is not present
label in { "a", "b", "c", ... } -) true if the value of label X is one of
"a", "b", "c" label not in { "a", "b", "c", ... } -) true if the value of
label X is not one of "a", "b", "c" has(label_name) -) True if that label
is present ! expr -) negation of expr expr && expr -) Short-circuit and
expr || expr -) Short-circuit or ( expr ) -) parens for grouping all() or
the empty selector -) matches all endpoints. Label names are allowed to
contain alphanumerics, -, _ and /. String literals are more permissive but
they do not support escape characters. Examples (with made-up labels):
type == "webserver" && deployment == "prod" type in {"frontend", "backend"}
deployment != "dev" ! has(label_name)
- serviceAccountSelector (string) ServiceAccountSelector is an optional field for an expression used to
select a pod based on service accounts.
- types ([]string) Types indicates whether this policy applies to ingress, or to egress, or to
both. When not explicitly specified (and so the value on creation is empty
or nil), Calico defaults Types according to what Ingress and Egress rules
are present in the policy. The default is:
- [ PolicyTypeIngress ], if there are no Egress rules (including the case
where there are also no Ingress rules)
- [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
- [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and
Egress rules. When the policy is read back again, Types will always be one
of these values, never empty or nil.
PolicyType enumerates the possible values of the PolicySpec Types field.
-
-
-
GlobalNetworkSet GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs that
share labels to allow rules to refer to them via selectors. The labels of
GlobalNetworkSet are not namespaced.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) GlobalNetworkSetSpec contains the specification for a NetworkSet resource.
- nets ([]string) The list of IP networks that belong to this set.
-
-
-
HostEndpoint (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) HostEndpointSpec contains the specification for a HostEndpoint resource.
- expectedIPs ([]string) The expected IP addresses (IPv4 and IPv6) of the endpoint. If
"InterfaceName" is not present, Calico will look for an interface matching
any of the IPs in the list and apply policy to that. Note: When using the
selector match criteria in an ingress or egress security Policy or Profile,
Calico converts the selector into a set of IP addresses. For host
endpoints, the ExpectedIPs field is used for that purpose. (If only the
interface name is specified, Calico does not learn the IPs of the interface
for use in match criteria.)
- interfaceName (string) Either "*", or the name of a specific Linux interface to apply policy to;
or empty. "*" indicates that this HostEndpoint governs all traffic to, from
or through the default network namespace of the host named by the "Node"
field; entering and leaving that namespace via any interface, including
those from/to non-host-networked local workloads. If InterfaceName is not
"*", this HostEndpoint only governs traffic that enters or leaves the host
through the specific interface named by InterfaceName, or - when
InterfaceName is empty - through the specific interface that has one of the
IPs in ExpectedIPs. Therefore, when InterfaceName is empty, at least one
expected IP must be specified. Only external interfaces (such as "eth0")
are supported here; it isn't possible for a HostEndpoint to protect traffic
through a specific local workload interface. Note: Only some kinds of
policy are implemented for "*" HostEndpoints; initially just pre-DNAT
policy. Please check Calico documentation for the latest position.
- node (string) The node name identifying the Calico node instance.
-
ports ([]Object) Ports contains the endpoint's named ports, which may be referenced in
security policy rules.
- name (string) (empty)
- port (integer) (empty)
- protocol () (empty)
-
- profiles ([]string) A list of identifiers of security Profile objects that apply to this
endpoint. Each profile is applied in the order that they appear in this
list. Profile rules are applied after the selector-based security policy.
-
-
-
IPAMBlock (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) IPAMBlockSpec contains the specification for an IPAMBlock resource.
- affinity (string) (empty)
- allocations ([]) (empty)
-
attributes ([]Object) (empty)
- handle_id (string) (empty)
- secondary (map[string]string) (empty)
-
- cidr (string) (empty)
- deleted (boolean) (empty)
- strictAffinity (boolean) (empty)
- unallocated ([]integer) (empty)
-
-
-
IPAMConfig (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) IPAMConfigSpec contains the specification for an IPAMConfig resource.
- autoAllocateBlocks (boolean) (empty)
- maxBlocksPerHost (integer) MaxBlocksPerHost, if non-zero, is the max number of blocks that can be
affine to each host.
- strictAffinity (boolean) (empty)
-
-
-
IPAMHandle (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) IPAMHandleSpec contains the specification for an IPAMHandle resource.
- block (map[string]integer) (empty)
- deleted (boolean) (empty)
- handleID (string) (empty)
-
-
-
IPPool (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) IPPoolSpec contains the specification for an IPPool resource.
- allowedUses ([]string) AllowedUse controls what the IP pool will be used for. If not specified or
empty, defaults to ["Tunnel", "Workload"] for back-compatibility
- blockSize (integer) The block size to use for IP address assignments from this pool. Defaults
to 26 for IPv4 and 112 for IPv6.
- cidr (string) The pool CIDR.
- disableBGPExport (boolean) Disable exporting routes from this IP Pool’s CIDR over BGP. [Default:
false]
- disabled (boolean) When disabled is true, Calico IPAM will not assign addresses from this
pool.
-
ipip (Object) Deprecated: this field is only used for APIv1 backwards compatibility.
Setting this field is not allowed, this field is for internal use only.
- enabled (boolean) When enabled is true, ipip tunneling will be used to deliver packets to
destinations within this pool.
- mode (string) The IPIP mode. This can be one of "always" or "cross-subnet". A mode of
"always" will also use IPIP tunneling for routing to destination IP
addresses within this pool. A mode of "cross-subnet" will only use IPIP
tunneling when the destination node is on a different subnet to the
originating node. The default value (if not specified) is "always".
-
- ipipMode (string) Contains configuration for IPIP tunneling for this pool. If not specified,
then this is defaulted to "Never" (i.e. IPIP tunneling is disabled).
- nat-outgoing (boolean) Deprecated: this field is only used for APIv1 backwards compatibility.
Setting this field is not allowed, this field is for internal use only.
- natOutgoing (boolean) When nat-outgoing is true, packets sent from Calico networked containers in
this pool to destinations outside of this pool will be masqueraded.
- nodeSelector (string) Allows IPPool to allocate for a specific node by label selector.
- vxlanMode (string) Contains configuration for VXLAN tunneling for this pool. If not specified,
then this is defaulted to "Never" (i.e. VXLAN tunneling is disabled).
-
-
-
IPReservation (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) IPReservationSpec contains the specification for an IPReservation resource.
- reservedCIDRs ([]string) ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will
exclude from new allocations.
-
-
-
KubeControllersConfiguration (empty)
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) KubeControllersConfigurationSpec contains the values of the Kubernetes
controllers configuration.
-
controllers (Object) Controllers enables and configures individual Kubernetes controllers
-
namespace (Object) Namespace enables and configures the namespace controller. Enabled by
default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
node (Object) Node enables and configures the node controller. Enabled by default, set to
nil to disable.
-
hostEndpoint (Object) HostEndpoint controls syncing nodes to host endpoints. Disabled by default,
set to nil to disable.
- autoCreate (string) AutoCreate enables automatic creation of host endpoints for every node.
[Default: Disabled]
-
- leakGracePeriod (string) LeakGracePeriod is the period used by the controller to determine if an IP
address has been leaked. Set to 0 to disable IP garbage collection.
[Default: 15m]
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
- syncLabels (string) SyncLabels controls whether to copy Kubernetes node labels to Calico nodes.
[Default: Enabled]
-
-
policy (Object) Policy enables and configures the policy controller. Enabled by default,
set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
serviceAccount (Object) ServiceAccount enables and configures the service account controller.
Enabled by default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
workloadEndpoint (Object) WorkloadEndpoint enables and configures the workload endpoint controller.
Enabled by default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
- etcdV3CompactionPeriod (string) EtcdV3CompactionPeriod is the period between etcdv3 compaction requests.
Set to 0 to disable. [Default: 10m]
- healthChecks (string) HealthChecks enables or disables support for health checks [Default:
Enabled]
- logSeverityScreen (string) LogSeverityScreen is the log severity above which logs are sent to the
stdout. [Default: Info]
- prometheusMetricsPort (integer) PrometheusMetricsPort is the TCP port that the Prometheus metrics server
should bind to. Set to 0 to disable. [Default: 9094]
-
-
status (Object) KubeControllersConfigurationStatus represents the status of the
configuration. It's useful for admins to be able to see the actual config
that was applied, which can be modified by environment variables on the
kube-controllers process.
- environmentVars (map[string]string) EnvironmentVars contains the environment variables on the kube-controllers
that influenced the RunningConfig.
-
runningConfig (Object) RunningConfig contains the effective config that is running in the
kube-controllers pod, after merging the API resource with any environment
variables.
-
controllers (Object) Controllers enables and configures individual Kubernetes controllers
-
namespace (Object) Namespace enables and configures the namespace controller. Enabled by
default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
node (Object) Node enables and configures the node controller. Enabled by default, set to
nil to disable.
-
hostEndpoint (Object) HostEndpoint controls syncing nodes to host endpoints. Disabled by default,
set to nil to disable.
- autoCreate (string) AutoCreate enables automatic creation of host endpoints for every node.
[Default: Disabled]
-
- leakGracePeriod (string) LeakGracePeriod is the period used by the controller to determine if an IP
address has been leaked. Set to 0 to disable IP garbage collection.
[Default: 15m]
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
- syncLabels (string) SyncLabels controls whether to copy Kubernetes node labels to Calico nodes.
[Default: Enabled]
-
-
policy (Object) Policy enables and configures the policy controller. Enabled by default,
set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
serviceAccount (Object) ServiceAccount enables and configures the service account controller.
Enabled by default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
workloadEndpoint (Object) WorkloadEndpoint enables and configures the workload endpoint controller.
Enabled by default, set to nil to disable.
- reconcilerPeriod (string) ReconcilerPeriod is the period to perform reconciliation with the Calico
datastore. [Default: 5m]
-
-
- etcdV3CompactionPeriod (string) EtcdV3CompactionPeriod is the period between etcdv3 compaction requests.
Set to 0 to disable. [Default: 10m]
- healthChecks (string) HealthChecks enables or disables support for health checks [Default:
Enabled]
- logSeverityScreen (string) LogSeverityScreen is the log severity above which logs are sent to the
stdout. [Default: Info]
- prometheusMetricsPort (integer) PrometheusMetricsPort is the TCP port that the Prometheus metrics server
should bind to. Set to 0 to disable. [Default: 9094]
-
-
-
-
NetworkSet NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) NetworkSetSpec contains the specification for a NetworkSet resource.
- nets ([]string) The list of IP networks that belong to this set.
-
-
API
-
APIService APIService represents a server for a particular GroupVersion. Name must be
"version.group".
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Spec contains information for locating and communicating with a server
APIServiceSpec contains information for locating and communicating with a
server. Only https is supported, though you are able to disable certificate
verification.
- caBundle (string) CABundle is a PEM encoded CA bundle which will be used to validate an API
server's serving certificate. If unspecified, system trust roots on the
apiserver are used.
- group (string) Group is the API group name this server hosts
- groupPriorityMinimum (integer) GroupPriorityMininum is the priority this group should have at least.
Higher priority means that the group is preferred by clients over lower
priority ones. Note that other versions of this group might specify even
higher GroupPriorityMininum values such that the whole group gets a higher
priority. The primary sort is based on GroupPriorityMinimum, ordered
highest number to lowest (20 before 10). The secondary sort is based on the
alphabetical comparison of the name of the object. (v1.bar before v1.foo)
We'd recommend something like: *.k8s.io (except extensions) at 18000 and
PaaSes (OpenShift, Deis) are recommended to be in the 2000s
- insecureSkipTLSVerify (boolean) InsecureSkipTLSVerify disables TLS certificate verification when
communicating with this server. This is strongly discouraged. You should
use the CABundle instead.
-
service (Object) Service is a reference to the service for this API server. It must
communicate on port 443. If the Service is nil, that means the handling for
the API groupversion is handled locally on this server. The call will
simply delegate to the normal handler chain to be fulfilled.
ServiceReference holds a reference to Service.legacy.k8s.io
- name (string) Name is the name of the service
- namespace (string) Namespace is the namespace of the service
- port (integer) If specified, the port on the service that hosting webhook. Default to 443
for backward compatibility. `port` should be a valid port number (1-65535,
inclusive).
-
- version (string) Version is the API version this server hosts. For example, "v1"
- versionPriority (integer) VersionPriority controls the ordering of this API version inside of its
group. Must be greater than zero. The primary sort is based on
VersionPriority, ordered highest to lowest (20 before 10). Since it's
inside of a group, the number can be small, probably in the 10s. In case of
equal version priorities, the version string will be used to compute the
order inside a group. If the version string is "kube-like", it will sort
above non "kube-like" version strings, which are ordered lexicographically.
"Kube-like" versions start with a "v", then are followed by a number (the
major version), then optionally the string "alpha" or "beta" and another
number (the minor version). These are sorted first by GA ) beta ) alpha
(where GA is a version with no suffix such as beta or alpha), and then by
comparing major version, then minor version. An example sorted list of
versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2,
foo1, foo10.
-
-
status (Object) Status contains derived information about an API server
APIServiceStatus contains derived information about an API server
-
conditions ([]Object) Current service state of apiService.
APIServiceCondition describes the state of an APIService at a particular
point
- lastTransitionTime (string) Last time the condition transitioned from one status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) Human-readable message indicating details about last transition.
- reason (string) Unique, one-word, CamelCase reason for the condition's last transition.
- status (string) Status is the status of the condition. Can be True, False, Unknown.
- type (string) Type is the type of the condition.
-
-
-
-
Lease Lease defines a lease concept.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) Specification of the Lease. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
LeaseSpec is a specification of a Lease.
- acquireTime (string) acquireTime is a time when the current lease was acquired.
MicroTime is version of Time with microsecond level precision.
- holderIdentity (string) holderIdentity contains the identity of the holder of a current lease.
- leaseDurationSeconds (integer) leaseDurationSeconds is a duration that candidates for a lease need to wait
to force acquire it. This is measure against time of last observed
RenewTime.
- leaseTransitions (integer) leaseTransitions is the number of transitions of a lease between holders.
- renewTime (string) renewTime is a time when the current holder of a lease has last updated the
lease.
MicroTime is version of Time with microsecond level precision.
-
-
-
RuntimeClass RuntimeClass defines a class of container runtime supported in the cluster.
The RuntimeClass is used to determine which container runtime is used to
run all containers in a pod. RuntimeClasses are manually defined by a user
or cluster provisioner, and referenced in the PodSpec. The Kubelet is
responsible for resolving the RuntimeClassName reference before running the
pod. For more details, see
https://kubernetes.io/docs/concepts/containers/runtime-class/
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- handler (string) Handler specifies the underlying runtime and configuration that the CRI
implementation will use to handle pods of this class. The possible values
are specific to the node & CRI configuration. It is assumed that all
handlers are available on every node, and handlers of the same name are
equivalent on every node. For example, a handler called "runc" might
specify that the runc OCI runtime (using native Linux containers) will be
used to run the containers in a pod. The Handler must be lowercase, conform
to the DNS Label (RFC 1123) requirements, and is immutable.
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
overhead (Object) Overhead represents the resource overhead associated with running a pod for
a given RuntimeClass. For more details, see
https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ This
field is in beta starting v1.18 and is only honored by servers that enable
the PodOverhead feature.
Overhead structure represents the resource overhead associated with running
a pod.
- podFixed (map[string]string) PodFixed represents the fixed resource overhead associated with running a
pod.
Quantity is a fixed-point representation of a number. It provides
convenient marshaling/unmarshaling in JSON and YAML, in addition to
String() and AsInt64() accessors.
The serialization format is:
(quantity) ::= (signedNumber)(suffix) (Note that (suffix) may be empty,
from the "" case in (decimalSI).) (digit) ::= 0 | 1 | ... | 9 (digits) ::=
(digit) | (digit)(digits) (number) ::= (digits) | (digits).(digits) |
(digits). | .(digits) (sign) ::= "+" | "-" (signedNumber) ::= (number) |
(sign)(number) (suffix) ::= (binarySI) | (decimalExponent) | (decimalSI)
(binarySI) ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units;
See: http://physics.nist.gov/cuu/Units/binary.html) (decimalSI) ::= m | ""
| k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't
choose the capitalization.) (decimalExponent) ::= "e" (signedNumber) | "E"
(signedNumber)
No matter which of the three exponent forms is used, no quantity may
represent a number greater than 2^63-1 in magnitude, nor may it have more
than 3 decimal places. Numbers larger or more precise will be capped or
rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the
future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of
suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means
that Exponent/suffix will be adjusted up or down (with a corresponding
increase or decrease in Mantissa) such that:
a. No precision is lost b. No fractional digits will be emitted c. The
exponent (or suffix) is as large as possible. The sign will be omitted
unless the number is negative.
Examples:
1.5 will be serialized as "1500m" 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating
point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but
will be re-emitted in their canonical form. (So always use canonical form,
or don't diff.)
This format is intended to make it difficult to use these numbers without
writing some sort of special handling code in the hopes that that will
cause implementors to also use a fixed point implementation.
-
-
scheduling (Object) Scheduling holds the scheduling constraints to ensure that pods running
with this RuntimeClass are scheduled to nodes that support it. If
scheduling is nil, this RuntimeClass is assumed to be supported by all
nodes.
Scheduling specifies the scheduling constraints for nodes supporting a
RuntimeClass.
- nodeSelector (map[string]string) nodeSelector lists labels that must be present on nodes that support this
RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node
matched by this selector. The RuntimeClass nodeSelector is merged with a
pod's existing nodeSelector. Any conflicts will cause the pod to be
rejected in admission.
-
tolerations ([]Object) tolerations are appended (excluding duplicates) to pods running with this
RuntimeClass during admission, effectively unioning the set of nodes
tolerated by the pod and the RuntimeClass.
The pod this Toleration is attached to tolerates any taint that matches the
triple (key,value,effect) using the matching operator (operator).
- effect (string) Effect indicates the taint effect to match. Empty means match all taint
effects. When specified, allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
- key (string) Key is the taint key that the toleration applies to. Empty means match all
taint keys. If the key is empty, operator must be Exists; this combination
means to match all values and all keys.
- operator (string) Operator represents a key's relationship to the value. Valid operators are
Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for
value, so that a pod can tolerate all taints of a particular category.
- tolerationSeconds (integer) TolerationSeconds represents the period of time the toleration (which must
be of effect NoExecute, otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means tolerate the taint forever
(do not evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
- value (string) Value is the taint value the toleration matches to. If the operator is
Exists, the value should be empty, otherwise just a regular string.
-
-
-
-
FlowSchema FlowSchema defines the schema of a group of flows. Note that a flow is made
up of a set of inbound API requests with similar attributes and is
identified by a pair of strings: the name of the FlowSchema and a "flow
distinguisher".
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) `metadata` is the standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) `spec` is the specification of the desired behavior of a FlowSchema. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
FlowSchemaSpec describes how the FlowSchema's specification looks like.
-
distinguisherMethod (Object) `distinguisherMethod` defines how to compute the flow distinguisher for
requests that match this schema. `nil` specifies that the distinguisher is
disabled and thus will always be the empty string.
FlowDistinguisherMethod specifies the method of a flow distinguisher.
- type (string) `type` is the type of flow distinguisher method The supported types are
"ByUser" and "ByNamespace". Required.
-
- matchingPrecedence (integer) `matchingPrecedence` is used to choose among the FlowSchemas that match a
given request. The chosen FlowSchema is among those with the numerically
lowest (which we take to be logically highest) MatchingPrecedence. Each
MatchingPrecedence value must be ranged in [1,10000]. Note that if the
precedence is not specified, it will be set to 1000 as default.
-
priorityLevelConfiguration (Object) `priorityLevelConfiguration` should reference a PriorityLevelConfiguration
in the cluster. If the reference cannot be resolved, the FlowSchema will be
ignored and marked as invalid in its status. Required.
PriorityLevelConfigurationReference contains information that points to the
"request-priority" being used.
- name (string) `name` is the name of the priority level configuration being referenced
Required.
-
-
rules ([]Object) `rules` describes which requests will match this flow schema. This
FlowSchema matches a request if and only if at least one member of rules
matches the request. if it is an empty slice, there will be no requests
matching the FlowSchema.
PolicyRulesWithSubjects prescribes a test that applies to a request to an
apiserver. The test considers the subject making the request, the verb
being requested, and the resource to be acted upon. This
PolicyRulesWithSubjects matches a request if and only if both (a) at least
one member of subjects matches the request and (b) at least one member of
resourceRules or nonResourceRules matches the request.
-
nonResourceRules ([]Object) `nonResourceRules` is a list of NonResourcePolicyRules that identify
matching requests according to their verb and the target non-resource URL.
NonResourcePolicyRule is a predicate that matches non-resource requests
according to their verb and the target non-resource URL. A
NonResourcePolicyRule matches a request if and only if both (a) at least
one member of verbs matches the request and (b) at least one member of
nonResourceURLs matches the request.
- nonResourceURLs ([]string) `nonResourceURLs` is a set of url prefixes that a user should have access
to and may not be empty. For example:
- "/healthz" is legal
- "/hea*" is illegal
- "/hea" is legal but matches nothing
- "/hea/*" also matches nothing
- "/healthz/*" matches all per-component health checks. "*" matches all
non-resource urls. if it is present, it must be the only entry. Required.
- verbs ([]string) `verbs` is a list of matching verbs and may not be empty. "*" matches all
verbs. If it is present, it must be the only entry. Required.
-
-
resourceRules ([]Object) `resourceRules` is a slice of ResourcePolicyRules that identify matching
requests according to their verb and the target resource. At least one of
`resourceRules` and `nonResourceRules` has to be non-empty.
ResourcePolicyRule is a predicate that matches some resource requests,
testing the request's verb and the target resource. A ResourcePolicyRule
matches a resource request if and only if: (a) at least one member of verbs
matches the request, (b) at least one member of apiGroups matches the
request, (c) at least one member of resources matches the request, and (d)
either (d1) the request does not specify a namespace (i.e.,
`Namespace==""`) and clusterScope is true or (d2) the request specifies a
namespace and least one member of namespaces matches the request's
namespace.
- apiGroups ([]string) `apiGroups` is a list of matching API groups and may not be empty. "*"
matches all API groups and, if present, must be the only entry. Required.
- clusterScope (boolean) `clusterScope` indicates whether to match requests that do not specify a
namespace (which happens either because the resource is not namespaced or
the request targets all namespaces). If this field is omitted or false then
the `namespaces` field must contain a non-empty list.
- namespaces ([]string) `namespaces` is a list of target namespaces that restricts matches. A
request that specifies a target namespace matches only if either (a) this
list contains that target namespace or (b) this list contains "*". Note
that "*" matches any specified namespace but does not match a request that
_does not specify_ a namespace (see the `clusterScope` field for that).
This list may be empty, but only if `clusterScope` is true.
- resources ([]string) `resources` is a list of matching resources (i.e., lowercase and plural)
with, if desired, subresource. For example, [ "services", "nodes/status" ].
This list may not be empty. "*" matches all resources and, if present, must
be the only entry. Required.
- verbs ([]string) `verbs` is a list of matching verbs and may not be empty. "*" matches all
verbs and, if present, must be the only entry. Required.
-
-
subjects ([]Object) subjects is the list of normal user, serviceaccount, or group that this
rule cares about. There must be at least one member in this slice. A slice
that includes both the system:authenticated and system:unauthenticated user
groups matches every request. Required.
Subject matches the originator of a request, as identified by the request
authentication system. There are three ways of matching an originator; by
user, group, or service account.
-
group (Object) `group` matches based on user group name.
GroupSubject holds detailed information for group-kind subject.
- name (string) name is the user group that matches, or "*" to match all user groups. See
https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go
for some well-known group names. Required.
-
- kind (string) `kind` indicates which one of the other fields is non-empty. Required
-
serviceAccount (Object) `serviceAccount` matches ServiceAccounts.
ServiceAccountSubject holds detailed information for service-account-kind
subject.
- name (string) `name` is the name of matching ServiceAccount objects, or "*" to match
regardless of name. Required.
- namespace (string) `namespace` is the namespace of matching ServiceAccount objects. Required.
-
-
user (Object) `user` matches based on username.
UserSubject holds detailed information for user-kind subject.
- name (string) `name` is the username that matches, or "*" to match all usernames.
Required.
-
-
-
-
-
status (Object) `status` is the current status of a FlowSchema. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
FlowSchemaStatus represents the current state of a FlowSchema.
-
conditions ([]Object) `conditions` is a list of the current states of FlowSchema.
FlowSchemaCondition describes conditions for a FlowSchema.
- lastTransitionTime (string) `lastTransitionTime` is the last time the condition transitioned from one
status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) `message` is a human-readable message indicating details about last
transition.
- reason (string) `reason` is a unique, one-word, CamelCase reason for the condition's last
transition.
- status (string) `status` is the status of the condition. Can be True, False, Unknown.
Required.
- type (string) `type` is the type of the condition. Required.
-
-
-
-
PriorityLevelConfiguration PriorityLevelConfiguration represents the configuration of a priority
level.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) `metadata` is the standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) `spec` is the specification of the desired behavior of a
"request-priority". More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PriorityLevelConfigurationSpec specifies the configuration of a priority
level.
-
limited (Object) `limited` specifies how requests are handled for a Limited priority level.
This field must be non-empty if and only if `type` is `"Limited"`.
LimitedPriorityLevelConfiguration specifies how to handle requests that are
subject to limits. It addresses two issues:
* How are requests for this priority level limited?
* What should be done with requests that exceed the limit?
- assuredConcurrencyShares (integer) `assuredConcurrencyShares` (ACS) configures the execution limit, which is a
limit on the number of requests of this priority level that may be
exeucting at a given time. ACS must be a positive number. The server's
concurrency limit (SCL) is divided among the concurrency-controlled
priority levels in proportion to their assured concurrency shares. This
produces the assured concurrency value (ACV) --- the number of requests
that may be executing at a time --- for each such priority level:
ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) )
bigger numbers of ACS mean more reserved concurrent requests (at the
expense of every other PL). This field has a default value of 30.
-
limitResponse (Object) `limitResponse` indicates what to do with requests that can not be executed
right now
LimitResponse defines how to handle requests that can not be executed right
now.
-
queuing (Object) `queuing` holds the configuration parameters for queuing. This field may be
non-empty only if `type` is `"Queue"`.
QueuingConfiguration holds the configuration parameters for queuing
- handSize (integer) `handSize` is a small positive number that configures the shuffle sharding
of requests into queues. When enqueuing a request at this priority level
the request's flow identifier (a string pair) is hashed and the hash value
is used to shuffle the list of queues and deal a hand of the size specified
here. The request is put into one of the shortest queues in that hand.
`handSize` must be no larger than `queues`, and should be significantly
smaller (so that a few heavy flows do not saturate most of the queues). See
the user-facing documentation for more extensive guidance on setting this
field. This field has a default value of 8.
- queueLengthLimit (integer) `queueLengthLimit` is the maximum number of requests allowed to be waiting
in a given queue of this priority level at a time; excess requests are
rejected. This value must be positive. If not specified, it will be
defaulted to 50.
- queues (integer) `queues` is the number of queues for this priority level. The queues exist
independently at each apiserver. The value must be positive. Setting it to
1 effectively precludes shufflesharding and thus makes the distinguisher
method of associated flow schemas irrelevant. This field has a default
value of 64.
-
- type (string) `type` is "Queue" or "Reject". "Queue" means that requests that can not be
executed upon arrival are held in a queue until they can be executed or a
queuing limit is reached. "Reject" means that requests that can not be
executed upon arrival are rejected. Required.
-
-
- type (string) `type` indicates whether this priority level is subject to limitation on
request execution. A value of `"Exempt"` means that requests of this
priority level are not subject to a limit (and thus are never queued) and
do not detract from the capacity made available to other priority levels. A
value of `"Limited"` means that (a) requests of this priority level _are_
subject to limits and (b) some of the server's limited capacity is made
available exclusively to this priority level. Required.
-
-
status (Object) `status` is the current status of a "request-priority". More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PriorityLevelConfigurationStatus represents the current state of a
"request-priority".
-
conditions ([]Object) `conditions` is the current state of "request-priority".
PriorityLevelConfigurationCondition defines the condition of priority
level.
- lastTransitionTime (string) `lastTransitionTime` is the last time the condition transitioned from one
status to another.
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- message (string) `message` is a human-readable message indicating details about last
transition.
- reason (string) `reason` is a unique, one-word, CamelCase reason for the condition's last
transition.
- status (string) `status` is the status of the condition. Can be True, False, Unknown.
Required.
- type (string) `type` is the type of the condition. Required.
-
-
-
Deprecated
-
ComponentStatus ComponentStatus (and ComponentStatusList) holds the cluster validation
info. Deprecated: This API is deprecated in v1.19+
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
conditions ([]Object) List of component conditions observed
Information about the condition of a component.
- error (string) Condition error code for a component. For example, a health check error
code.
- message (string) Message about the condition for a component. For example, information about
a health check.
- status (string) Status of the condition for a component. Valid values for "Healthy":
"True", "False", or "Unknown".
- type (string) Type of condition for a component. Valid value: "Healthy"
-
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
-
Binding Binding ties one object to another; for example, a pod is bound to a node
by a scheduler. Deprecated in 1.7, please use the bindings subresource of
pods instead.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
target (Object) The target object that you want to bind to the standard object.
ObjectReference contains enough information to let you inspect or modify
the referred object.
- apiVersion (string) API version of the referent.
- fieldPath (string) If referring to a piece of an object instead of an entire object, this
string should contain a valid JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the object reference
is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container
that triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod). This syntax is
chosen only to have some well-defined way of referencing a part of an
object.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- namespace (string) Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- resourceVersion (string) Specific resourceVersion to which this reference is made, if any. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- uid (string) UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
-
PodSecurityPolicy PodSecurityPolicy governs the ability to make requests that affect the
Security Context that will be applied to a pod and container. Deprecated in
1.21.
- apiVersion (string) APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- kind (string) Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
metadata (Object) Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
- annotations (map[string]string) Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
- clusterName (string) The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
- creationTimestamp (string) CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- deletionGracePeriodSeconds (integer) Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
- deletionTimestamp (string) DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
- finalizers ([]string) Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed. Finalizers may be processed and removed in
any order. Order is NOT enforced because it introduces significant risk of
stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first
finalizer in the list is waiting for a signal (field value, external
system, or other) produced by a component responsible for a finalizer later
in the list, resulting in a deadlock. Without enforced ordering finalizers
are free to order amongst themselves and are not vulnerable to ordering
changes in the list.
- generateName (string) GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with
Reason ServerTimeout indicating a unique name could not be found in the
time allotted, and the client should retry (optionally after the time
indicated in the Retry-After header).
Applied only if Name is not specified. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation (integer) A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
- labels (map[string]string) Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
-
managedFields ([]Object) ManagedFields maps workflow-id and version to the set of fields that are
managed by that workflow. This is mostly for internal housekeeping, and
users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific
apply path like "ci-cd". The set of fields is always in the version that
the workflow used when modifying the object.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of
the resource that the fieldset applies to.
- apiVersion (string) APIVersion defines the version of this resource that this field set applies
to. The format is "group/version" just like the top-level APIVersion field.
It is necessary to track the version of a field set because it cannot be
automatically converted.
- fieldsType (string) FieldsType is the discriminator for the different fields format and
version. There is currently only one possible value: "FieldsV1"
- fieldsV1 (map[string]) FieldsV1 holds the first JSON version format as described in the "FieldsV1"
type.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON
format.
Each key is either a '.' representing the field itself, and will always map
to an empty set, or a string representing a sub-field or item. The string
will follow one of these four formats: 'f:(name)', where (name) is the name
of a field in a struct, or key in a map 'v:(value)', where (value) is the
exact json formatted value of a list item 'i:(index)', where (index) is
position of a item in a list 'k:(keys)', where (keys) is a map of a list
item's key fields to their unique values If a key maps to an empty Fields
value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
- manager (string) Manager is an identifier of the workflow managing these fields.
- operation (string) Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and
'Update'.
- subresource (string) Subresource is the name of the subresource used to update that object, or
empty string if the object was updated through the main resource. The value
of this field is used to distinguish between managers, even if they share
the same name. For example, a status update will be distinct from a regular
update using the same manager name. Note that the APIVersion field is not
related to the Subresource field and it always corresponds to the version
of the main resource.
- time (string) Time is timestamp of when these fields were set. It should always be empty
if Operation is 'Apply'
Time is a wrapper around time.Time which supports correct marshaling to
YAML and JSON. Wrappers are provided for many of the factory methods that
the time package offers.
-
- name (string) Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace (string) Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
-
ownerReferences ([]Object) List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
OwnerReference contains enough information to let you identify an owning
object. An owning object must be in the same namespace as the dependent, or
be cluster-scoped, so there is no namespace field.
- apiVersion (string) API version of the referent.
- blockOwnerDeletion (boolean) If true, AND if the owner has the "foregroundDeletion" finalizer, then the
owner cannot be deleted from the key-value store until this reference is
removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be
returned.
- controller (boolean) If true, this reference points to the managing controller.
- kind (string) Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- name (string) Name of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#names
- uid (string) UID of the referent. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
- resourceVersion (string) An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by
clients and . More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink (string) SelfLink is a URL representing this object. Populated by the system.
Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
the field is planned to be removed in 1.21 release.
- uid (string) UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
Populated by the system. Read-only. More info:
http://kubernetes.io/docs/user-guide/identifiers#uids
-
-
spec (Object) spec defines the policy enforced.
PodSecurityPolicySpec defines the policy enforced.
- allowPrivilegeEscalation (boolean) allowPrivilegeEscalation determines if a pod can request to allow privilege
escalation. If unspecified, defaults to true.
-
allowedCSIDrivers ([]Object) AllowedCSIDrivers is an allowlist of inline CSI drivers that must be
explicitly set to be embedded within a pod spec. An empty value indicates
that any CSI driver can be used for inline ephemeral volumes. This is a
beta field, and is only honored if the API server enables the
CSIInlineVolume feature gate.
AllowedCSIDriver represents a single inline CSI Driver that is allowed to
be used.
- name (string) Name is the registered name of the CSI driver
-
- allowedCapabilities ([]string) allowedCapabilities is a list of capabilities that can be requested to add
to the container. Capabilities in this field may be added at the pod
author's discretion. You must not list a capability in both
allowedCapabilities and requiredDropCapabilities.
-
allowedFlexVolumes ([]Object) allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates
that all Flexvolumes may be used. This parameter is effective only when the
usage of the Flexvolumes is allowed in the "volumes" field.
AllowedFlexVolume represents a single Flexvolume that is allowed to be
used.
- driver (string) driver is the name of the Flexvolume driver.
-
-
allowedHostPaths ([]Object) allowedHostPaths is an allowlist of host paths. Empty indicates that all
host paths may be used.
AllowedHostPath defines the host volume conditions that will be enabled by
a policy for pods to use. It requires the path prefix to be defined.
- pathPrefix (string) pathPrefix is the path prefix that the host volume must match. It does not
support `*`. Trailing slashes are trimmed when validating the path prefix
with a host path.
Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would
not allow `/food` or `/etc/foo`
- readOnly (boolean) when set to true, will allow host volumes matching the pathPrefix only if
all volume mounts are readOnly.
-
- allowedProcMountTypes ([]string) AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or
nil indicates that only the DefaultProcMountType may be used. This requires
the ProcMountType feature flag to be enabled.
- allowedUnsafeSysctls ([]string) allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls,
defaults to none. Each entry is either a plain sysctl name or ends in "*"
in which case it is considered as a prefix of allowed sysctls. Single *
means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed
unsafe sysctls explicitly to avoid rejection.
Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*"
allows "foo.bar", "foo.baz", etc.
- defaultAddCapabilities ([]string) defaultAddCapabilities is the default set of capabilities that will be
added to the container unless the pod spec specifically drops the
capability. You may not list a capability in both defaultAddCapabilities
and requiredDropCapabilities. Capabilities added here are implicitly
allowed, and need not be included in the allowedCapabilities list.
- defaultAllowPrivilegeEscalation (boolean) defaultAllowPrivilegeEscalation controls the default setting for whether a
process can gain more privileges than its parent process.
- forbiddenSysctls ([]string) forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to
none. Each entry is either a plain sysctl name or ends in "*" in which case
it is considered as a prefix of forbidden sysctls. Single * means all
sysctls are forbidden.
Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*"
forbids "foo.bar", "foo.baz", etc.
-
fsGroup (Object) fsGroup is the strategy that will dictate what fs group is used by the
SecurityContext.
FSGroupStrategyOptions defines the strategy type and options used to create
the strategy.
-
ranges ([]Object) ranges are the allowed ranges of fs groups. If you would like to force a
single fs group then supply a single range with the same start and end.
Required for MustRunAs.
IDRange provides a min/max of an allowed range of IDs.
- max (integer) max is the end of the range, inclusive.
- min (integer) min is the start of the range, inclusive.
-
- rule (string) rule is the strategy that will dictate what FSGroup is used in the
SecurityContext.
-
- hostIPC (boolean) hostIPC determines if the policy allows the use of HostIPC in the pod spec.
- hostNetwork (boolean) hostNetwork determines if the policy allows the use of HostNetwork in the
pod spec.
- hostPID (boolean) hostPID determines if the policy allows the use of HostPID in the pod spec.
-
hostPorts ([]Object) hostPorts determines which host port ranges are allowed to be exposed.
HostPortRange defines a range of host ports that will be enabled by a
policy for pods to use. It requires both the start and end to be defined.
- max (integer) max is the end of the range, inclusive.
- min (integer) min is the start of the range, inclusive.
-
- privileged (boolean) privileged determines if a pod can request to be run as privileged.
- readOnlyRootFilesystem (boolean) readOnlyRootFilesystem when set to true will force containers to run with a
read only root file system. If the container specifically requests to run
with a non-read only root file system the PSP should deny the pod. If set
to false the container may run with a read only root file system if it
wishes but it will not be forced to.
- requiredDropCapabilities ([]string) requiredDropCapabilities are the capabilities that will be dropped from the
container. These are required to be dropped and cannot be added.
-
runAsGroup (Object) RunAsGroup is the strategy that will dictate the allowable RunAsGroup
values that may be set. If this field is omitted, the pod's RunAsGroup can
take any value. This field requires the RunAsGroup feature gate to be
enabled.
RunAsGroupStrategyOptions defines the strategy type and any options used to
create the strategy.
-
ranges ([]Object) ranges are the allowed ranges of gids that may be used. If you would like
to force a single gid then supply a single range with the same start and
end. Required for MustRunAs.
IDRange provides a min/max of an allowed range of IDs.
- max (integer) max is the end of the range, inclusive.
- min (integer) min is the start of the range, inclusive.
-
- rule (string) rule is the strategy that will dictate the allowable RunAsGroup values that
may be set.
-
-
runAsUser (Object) runAsUser is the strategy that will dictate the allowable RunAsUser values
that may be set.
RunAsUserStrategyOptions defines the strategy type and any options used to
create the strategy.
-
ranges ([]Object) ranges are the allowed ranges of uids that may be used. If you would like
to force a single uid then supply a single range with the same start and
end. Required for MustRunAs.
IDRange provides a min/max of an allowed range of IDs.
- max (integer) max is the end of the range, inclusive.
- min (integer) min is the start of the range, inclusive.
-
- rule (string) rule is the strategy that will dictate the allowable RunAsUser values that
may be set.
-
-
runtimeClass (Object) runtimeClass is the strategy that will dictate the allowable RuntimeClasses
for a pod. If this field is omitted, the pod's runtimeClassName field is
unrestricted. Enforcement of this field depends on the RuntimeClass feature
gate being enabled.
RuntimeClassStrategyOptions define the strategy that will dictate the
allowable RuntimeClasses for a pod.
- allowedRuntimeClassNames ([]string) allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be
specified on a pod. A value of "*" means that any RuntimeClass name is
allowed, and must be the only item in the list. An empty list requires the
RuntimeClassName field to be unset.
- defaultRuntimeClassName (string) defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
The default MUST be allowed by the allowedRuntimeClassNames list. A value
of nil does not mutate the Pod.
-
-
seLinux (Object) seLinux is the strategy that will dictate the allowable labels that may be
set.
SELinuxStrategyOptions defines the strategy type and any options used to
create the strategy.
- rule (string) rule is the strategy that will dictate the allowable labels that may be
set.
-
seLinuxOptions (Object) seLinuxOptions required to run as; required for MustRunAs More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SELinuxOptions are the labels to be applied to the container
- level (string) Level is SELinux level label that applies to the container.
- role (string) Role is a SELinux role label that applies to the container.
- type (string) Type is a SELinux type label that applies to the container.
- user (string) User is a SELinux user label that applies to the container.
-
-
-
supplementalGroups (Object) supplementalGroups is the strategy that will dictate what supplemental
groups are used by the SecurityContext.
SupplementalGroupsStrategyOptions defines the strategy type and options
used to create the strategy.
-
ranges ([]Object) ranges are the allowed ranges of supplemental groups. If you would like to
force a single supplemental group then supply a single range with the same
start and end. Required for MustRunAs.
IDRange provides a min/max of an allowed range of IDs.
- max (integer) max is the end of the range, inclusive.
- min (integer) min is the start of the range, inclusive.
-
- rule (string) rule is the strategy that will dictate what supplemental groups is used in
the SecurityContext.
-
- volumes ([]string) volumes is an allowlist of volume plugins. Empty indicates that no volumes
may be used. To allow all volumes you may use '*'.
-
-